What Is The Stuxnet Worm?

Uploaded on 2017-09-19 in FREE TO VIEW, GOVERNMENT-Defence, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

Stuxnet is a computer worm that  targets industrial control systems, but is most famous for most likely being the first genuine cyber-weapon, in that it was designed to inflict physical damage.

It was developed by the US and Israel (although they have never confirmed this) to target the Iranian nuclear programme.

The worm, first spotted in 2010, targeted specific Siemens industrial control systems, and seemed to be targeting the systems controlling the centrifuges in the Iranian uranium enrichment project, apparently damaging 1,000 of these centrifuges and delaying the project, although the overall impact on the programme is not clear.

Stuxnet was a complicated worm, using four different zero-day exploits and likely took millions of dollars of research and months or years of work to create.

Is Cyber Warfare Escalation a Concern?

There is a definite risk that we are at the early stages of a cyberwar arms race: as countries realise that having a cyberwarfare strategy is necessary they will increase spending and start to stockpile weapons, just like any other arms race.

That means there could be more nations stockpiling zero-day attacks, which means more holes in software not being patched, which makes us all less secure. And countries with stockpiles of cyber weapons may mean cyber conflicts are able to escalate quicker. One of the big problems is that these programmes tend to be developed in secret with  very little oversight and accountability and with murky rules of engagement.

What are the targets in cyber-war?

Military systems are an obvious target: preventing commanders from communicating with their troops or seeing where the enemy is would give an attacker a major advantage.

However, because most developed economies rely on computerised systems for everything from power to food and transport many governments are very worried that rival states may target critical national infrastructure. Supervisory control and data acquisition (SCADA) systems, or industrial control systems, which run factories, power stations and other industrial processes are a big target, as Stuxnet showed.

These systems can be decades old and were rarely designed with security as a priority, but are increasingly being connected to the internet to make them more efficient or easy to monitor. But this also makes these systems more vulnerable to attack, and security is rarely upgraded because the organisations operating them do not consider themselves to be a target.

A short history of Cyber-War

For many people 2007 was when cyber-war went from the theoretical to the actual.

When the government of the eastern European state of Estonia announced plans to move a Soviet war memorial, it found itself under a furious digital bombardment that knocked banks and government services offline (the attack is generally considered to have been Russian hackers; Russian authorities denied any knowledge).

However, the DDoS attacks on Estonia did not create physical damage and, while a significant event, were not considered to have risen to the level of actual cyber warfare.

Another cyberwarfare milestone was hit the same year, however, when the Idaho National Laboratory proved, via the  Aurora Generator Test, that a digital attack could be used to destroy physical objects, in this case a generator.

The Stuxnet malware attack took place in 2010, which proved that malware could impact the physical world.

Since then there has been a steady stream of stories: in 2013 the NSA said it had stopped a plot by an unnamed nation, believed to be China, to attack the BIOS chip in PCs, rendering them unusable.

In 2014 there was the attack on Sony Pictures Entertainment, blamed by many on North Korea, which showed that it was not just government systems and data that could be targeted by state-backed hackers.

Perhaps most seriously, just before Christmas in 2015 hackers managed to disrupt the power supply in  parts of Ukraine, by using a well-known Trojan called BlackEnergy. In March 2016 seven Iranian hackers were accused of trying to shut down a New York dam in a federal grand jury indictment.

Nations are rapidly building cyber defence and offence capabilities and NATO in 2014 took the important step of confirming that a cyberattack on one of its members would be enough to allow them to  invoke Article 5, the collective defence mechanism at the heart of the alliance.
 
In 2016/17 it then defined cyber-space as an "operational domain", an area in which conflict can occur: the Internet had officially become a battlefield.

ZDNet:

You Might Also Read:

Dark Territory: The Secret History of Cyber War:

Stuxnet, Secrecy & The New Era of Cyber War:

Son Of Stuxnet: Irongate Malware:

 

 

« Which Countries Are Ready For Cyberwar?
Cyber Vulnerability Affecting 745,000 Pacemakers »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

SSH Communications Security

SSH Communications Security

SSH Communications Security is a leading provider of enterprise cybersecurity solutions for controlling trusted access to information systems and data.

Maryville Online - Cybersecurity Program

Maryville Online - Cybersecurity Program

The Cybersecurity Program at Maryville Online is designed to help students reach opportunities in cybersecurity leadership and management through an entirely online curriculum.

LogonBox Software

LogonBox Software

LogonBox Software specialises in producing a cost-effective range of Network Security and Identity Management software solutions for all sizes of Enterprise.

CERT-AM

CERT-AM

CERT-AM is the national Computer Emergency Response Team for Armenia.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP)

CyberSecurity Non-Profit (CSNP) is a 501(c)(3) non-profit organization dedicated to promoting cybersecurity awareness and education.

Partnership for Conflict, Crime and Security Research (PaCCS)

Partnership for Conflict, Crime and Security Research (PaCCS)

PaCCS delivers high quality and cutting edge research to improve our understanding of current and future global security challenges in areas including cybersecurity.

Concentric

Concentric

Concentric Data Risk Monitoring and Protection. Deep Learning to discover, monitor and remediate risks to sensitive data on-premises and in the cloud.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

Safe Systems

Safe Systems

Safe Systems provide compliance centric IT services for community banks and credit unions, ensuring that they are kept up to date on current technologies, security risks, and regulatory changes.

LocateRisk

LocateRisk

LocateRisk provides more efficiency, transparency and comparability in IT security with automated, KPI-based IT risk analyses.

Darkscope

Darkscope

Darkscope is an award-winning personalised cyber intelligence service provider. Our cutting-edge AI and Deep Artificial Neural Networks lead the world of cyber intelligence solutions.

ZINAD IT

ZINAD IT

ZINAD is an information security company offering state-of-the-art cybersecurity awareness products, solutions and services.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

CERT.ar

CERT.ar

CERT.ar is the national Computer Emergency Response Team for the technical-administrative management of computer security incidents in the National Public Sector of Argentina.