Ten Years Since Stuxnet and Has It All Changed?
As I grow older, things that happened ten years ago feel like they come more frequently, maybe because I can remember them happening. I reflect and really can’t believe another decade has passed. Time does fly. A lot has changed in the world we live in and yet so much has not progressed at the pace expected.
It was ten years ago that the world first heard the word Stuxnet, but for many, what they heard was a nuclear facility was under a cyber-attack. It was a scary headline and the stuff of movie scripts.
For those who didn’t follow this story, a piece of highly sophisticated malware was introduced to an Iranian nuclear facility on a USB drive. That malware was a worm that exploited a zero day vulnerability.
The malware was designed to spin the nuclear centrifuges faster and faster until they failed. The failure was not meant to cause a disaster, just financial and time impacts on the nuclear program.
The worm was never meant to leave the OT network, however due to the aggressive nature, it did get to the internet. It spread rapidly and researchers started to analyse it, and the links to physical Siemens controllers for nuclear centrifuges identified.
Widely believed to be state based malware built by cooperating governments, some officials have claimed this as a success of their tenure in government.
How could this attack of been prevented?
Many would argue that when facing a state-based attack with the resources, skills, and focus for the outcome, it is very hard to protect against this type of attack.
Let’s just imagine for one second that I am the IT manager for an OT or secure network. I am not being targeted by a state-based attack but do want to provide myself a great baseline of protection that can safeguard me against similar attacks.
Device Control – By applying control policies for third-party devices, I can ensure that only approved devices could be plugged in and used to copy code/data onto or off the network. This control is highlighted by the ACSC as a critical control against malicious insiders.
The ACSC Essential controls are also a great place to start for basic cyber hygiene:
Application Control – OT environments typically have dedicated devices with dedicated functions, so applications are fairly static and updates less frequent than many environments. Enforcing policies so only approved known executions occur will protect against unknown introduced code.
Patching – Although Stuxnet exploited a zero day, it was not long until that zero day was available to patch. In September 2020 we saw the Zero Logon vulnerability that has a patch but is now being exploited in the wild as organisations have not patched a known critical vulnerability within the 48 hours recommended by experts.
It’s a multi layered defense in depth approach that helps to prevent against these or similar types of attacks. The best place to start is foundational security controls as recommended by the ACSC and other institutions.
How Ivanti Can Help
We work with many customers protecting their OT environments up and down the east coast of Australia. Many of you reading this blog will not know that Ivanti helps to protect your utilities every day.
Ten years may have passed since Stuxnet but many organisations I talk to are still struggling to implement these basic cyber security controls to support protecting themselves against attack. The tools are available, but for many, the overhead and work required to implement and manage such controls is perceived too big a task.
Be it application whitelisting, OS and third-party patching for Windows or Linux and device control, Ivanti has solutions to help protect not only OT environments, but desktops, laptops, servers or your cloud environments.
All these solutions are built on three core values:
- Deliver value quickly by being simple to quickly roll out
- Low cost of management overhead moving forwards, even automating tasks to reduce costs
- Context aware to cater for modern flexible working/use cases
If you want any more information on how any of these solutions can help you secure your environment, please visit our website at www.ivanti.com.au.