Stuxnet - Hacking Industrial Systems

Stuxnet was the first malware attacking Industrial Control Systems (ICSs). This cyberweapon was designed to disrupt Iran’s nuclear program by affecting the centrifuges used to enrich uranium.

Stuxnet can infect Windows versions from Windows 2000 up to Windows 7. The malware’s main target was a system composed of Siemens SIMATIC WinCC, PCS7, and Programmable Logic Controllers (PLCs) that communicated with the drivers controlling the centrifuges.

If the software landed on an unintended host, a program was installed that would automatically load the malware when the computer started and hide the presence of the malware. It would then employ methods to propagate to new targets.

If the target contained the requisite Siemens systems, the malware would exploit the SQL Server's default credentials to install itself in the database of WinCC (software used to control industrial processes).

It would then manipulate a critical driver used to communicate with the PLCs. Through this, it could sabotage the centrifuge system by slowing down and speeding up motors.

Characteristics of Stuxnet

Stuxnet uses zero-day exploits, which utilise software vulnerabilities unknown to the software's creator, and stolen certificates to install a rootkit (malware designed to regain access to the host) on Windows machines.

Spreading through removable media (like USB sticks), print services, and WinCC databases, the virus takes control over the PLCs, interrupts processes and modifies PLC outputs.

It can lie dormant but can also reinfect cleaned systems and update itself in infected networks.

Aftermath and Learnings

Siemens promptly responded with a security advisory and a tool to detect and remove Stuxnet.

We learned that although PLCs don’t run modern operating systems, they can be hacked too. Firewalls that blacklist malware by comparing it to “bad code” are insufficient as catch-all defences and need to be updated.

Stuxnet changed the general perspective on hacking industrial control systems. Nothing like it had been seen before. It made people aware that industrial systems can be hacked too.

2 comments

  1. Wonderful. Such a complex subject so simply explained. I could not stop till the end. Keep it up.
