
Malware Enters a New Phase – SCADA Systems Under Attack

Monday, September 27th, 2010

It is well known that back in the days of the IBM PC and MS-DOS, malware was mostly created as a hobby to feed the vanity of its creators; as a result, it was not unusual for it to cause dire consequences such as formatting the hard drive. Today, malware is mostly created for financial gain, such as selling botnets of infected hosts for spam distribution or collecting credit card numbers; as a result, it is specifically built to be as stealthy as possible. Recent events hint that we are entering a new phase.

Stuxnet is the first publicly known worm to target industrial control systems, often generically referred to as SCADA systems. Not only did Stuxnet include malicious code written in STL (Statement List), an assembly-like programming language used to control industrial control systems, it also included the first ever PLC (programmable logic controller) rootkit, which hides that STL code. It also included a zero-day exploit to spread via USB drives and a Windows rootkit to hide its Windows binary components, and it signed its files with certificates stolen from unrelated third-party companies. All of these characteristics are noteworthy in their own right; however, when they all converge within one threat, it is clear that there is a special force at work.

As a side note: industrial systems were designed to be separate from public networks, and once this assumption turns out to be false, security failures become inevitable.
