The Stuxnet worm has highlighted that direct-attacks on critical infrastructure are possible and not just movie...
plotlines, say researchers.
The real-world implications of Stuxnet are beyond any threat the world has seen in the past, according to a report by the Symantec Security Response team.
The goal of Stuxnet appears to be to reprogram industrial control systems (ICS) by modifying code on programmable logic controllers (PLCs) to make them work in a manner the attacker intended and to hide those changes from the operator of the equipment, the report said.
To achieve this goal, researchers said the creators amassed a vast array of components to increase their chances of success.
These include zero-day exploits, a Windows rootkit, the first ever PLC rootkit, anti-virus evasion techniques, complex process injection and hooking code, network infection routines, peer-to-peer updates, and a command and control interface.
Stuxnet is the first piece of malicious code to exploit at least four zero-day vulnerabilities, use two digital certificates, inject code into industrial control systems and hide the code from the operator.
Stuxnet is of such complexity, requiring significant resources to develop, that few attackers will be capable of producing a similar threat, the report said.
For these reasons, Symantec's researchers do not expect masses of threats of similar sophistication to suddenly appear.
But they warn that while Stuxnet may be a once-in-a-decade occurrence, it could also usher in a new generation of malicious code attacks on real-world infrastructure, overshadowing the vast majority of current attacks affecting virtual or individual assets.