I came across an excellent story by Ars Technica on the Stuxnet malware. It’s well worth the read as it goes into detail on how the virus originated, how it was analyzed and how security researchers got to the bottom of what it had been designed to do.

Stuxnet is a piece of malware allegedly designed to infect Iran’s nuclear facilities’ systems and damage the centrifuges where uranium enrichment was taking place.

It’s an intriguing story on what people can achieve when they launch targeted cyber attacks on their victims. The Stuxnet malware was quite sophisticated: it used obfuscation techniques to avoid detection and reverse engineering, multiple zero-day exploits to help it spread and infect new machines, and a malicious payload targeting specific hardware (the centrifuges). The Stuxnet malware also used stolen digital certificates from two companies, Realtek and JMicron Technologies, to trick the system into accepting it as a genuine piece of software.

The Stuxnet malware was designed to use programmable logic controllers to alter the way the centrifuges worked, allegedly inducing stress and finally leading to a breakdown in the system. By altering the frequency of the centrifuges, the virus forced the centrifuges to rotate at maximum speed for brief periods of time, then at normal speed, and then at the slowest possible speed before rotating again at normal speed. This occurred only when the hardware met particular specifications.

This story shows how malware can be designed to cause serious damage to a targeted system or organization. Stuxnet hijacked the application controlling the programmable logic controllers in such a way that the physical changes to the hardware were made but would not be noticed by staff checking the system’s operational parameters.
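The two paragraphs above describe the core of the payload: a speed profile that swings the rotors between maximum, normal and minimum, while the control application keeps showing operators steady readings. The defensive lesson is that a display fed by the same software that issues the commands cannot be trusted on its own. The following example is added here and is not code from the original post or from any of the parties it describes; it cross-checks a (constructed) HMI feed against an independent out-of-band sensor and flags both disagreement between the two and speeds outside a safe band. The frequency limits, the divergence threshold and all readings are hypothetical values chosen for illustration.

```python
"""Added example (not from the original post): detect when the speed a control
application displays stops agreeing with an independent measurement, and
when the measured speed leaves its safe operating band.

All readings below are constructed, and the limits are hypothetical.
"""
from dataclasses import dataclass
from typing import List

# Hypothetical safe operating band for the rotor, in Hz (assumed values).
NOMINAL_HZ = 1064.0
MIN_SAFE_HZ = 900.0
MAX_SAFE_HZ = 1200.0
# Maximum tolerated disagreement between the HMI and the independent sensor.
MAX_DIVERGENCE_HZ = 20.0


@dataclass
class Reading:
    t: int            # sample index (seconds)
    hmi_hz: float     # value the control application shows to operators
    sensor_hz: float  # value from an independent, out-of-band sensor


@dataclass
class Alert:
    t: int
    kind: str     # "divergence" or "out_of_band"
    detail: str


def check_readings(readings: List[Reading]) -> List[Alert]:
    """Return one alert per violated rule per sample."""
    alerts: List[Alert] = []
    for r in readings:
        # Rule 1: the displayed value must track the independent sensor.
        if abs(r.hmi_hz - r.sensor_hz) > MAX_DIVERGENCE_HZ:
            alerts.append(Alert(r.t, "divergence",
                                f"hmi={r.hmi_hz:.0f} sensor={r.sensor_hz:.0f}"))
        # Rule 2: the independent sensor must stay inside the safe band,
        # regardless of what the display claims.
        if not (MIN_SAFE_HZ <= r.sensor_hz <= MAX_SAFE_HZ):
            alerts.append(Alert(r.t, "out_of_band", f"sensor={r.sensor_hz:.0f}"))
    return alerts


def constructed_readings() -> List[Reading]:
    """Constructed sample: the HMI reports a steady nominal speed throughout
    (a replayed feed), while the independent sensor sees the
    normal -> maximum -> normal -> minimum -> normal pattern described above."""
    profile = ([NOMINAL_HZ] * 3 + [1400.0] * 2 + [NOMINAL_HZ] * 3
               + [50.0] * 2 + [NOMINAL_HZ] * 2)
    return [Reading(t, NOMINAL_HZ, hz) for t, hz in enumerate(profile)]


if __name__ == "__main__":
    for a in check_readings(constructed_readings()):
        print(f"t={a.t:2d} {a.kind:12s} {a.detail}")
```

The point of the second rule is that it does not depend on the display at all: even if an attacker replays plausible values to the operator, a sensor that the control application cannot write to still sees the real rotor speed. In practice the independent channel should be physically separate from the controller network, not just a second tag in the same PLC.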

It is unlikely that such complex malware would be engineered to attack targets that are not high profile, but it’s a great insight into the minds of malware designers and how their work evolves and hits targets with surgical precision.
