ENISA on Stuxnet Attacks and its Technical Implications for Europe

Stuxnet – a Paradigm Shift In Threats and Critical Information Infrastructure Protection

Stuxnet, the highly specialized malware that targets SCADA systems that monitor and control industrial processes, such as those in nuclear power plants or other industrial facilities, has kept the security industry spinning for the last few months.

This new breed of sophisticated malware takes advantage of vulnerabilities in the Windows operating system, typically being propagated via USB drives or an open network. Once installed, the malware can wait patiently for a network connection and update itself. An infected system can often be controlled remotely by the attacker, essentially handing over control of the facility (or parts of it) where the malware is hosted.

This week, the European Network and Information Security Agency (ENISA), Europe’s cyber security agency, produced an initial comment and analysis on the recent Stuxnet attacks, their importance, and their technical implications for Europe.

The Agency considers Stuxnet a paradigm shift, and warns that similar attacks may occur. It argues that Europe should reconsider its protection measures for Critical Information Infrastructure Protection (CIIP). ENISA has produced a high-level impact analysis of the Stuxnet malware, though most security industry vendors have produced much more detailed analysis of the malware.

Regardless of the level of detail in ENISA’s analysis, the agency’s goal is to provide EU decision makers with guidance on how to interpret the malware, its potential impact, mitigation and what these new types of attacks in general mean for Europe.

“Stuxnet is really a paradigm shift, as Stuxnet is a new class and dimension of malware. Not only for its complexity and sophistication, e.g. by the combination of exploiting four different vulnerabilities in Windows, and by using two stolen certificates, and from there attacking complex Siemens SCADA systems,” said Dr. Udo Helmbrecht, Executive Director of ENISA.

“The attackers have invested a substantial amount of time and money to build such a complex attack tool. The fact that perpetrators activated such an attack tool, can be considered as the ‘first strike’, i.e. one of the first organized, well-prepared attacks against major industrial resources,” Helmbrecht added.

“This has tremendous effect on how to protect national (CIIP) in the future. After Stuxnet, the currently prevailing philosophies on CIIP will have to be reconsidered. They should be developed to withstand these new types of sophisticated attack methods. Now, that Stuxnet and its implemented principles have become public, we may see more of these kinds of attacks. All security actors will thus have to be working more closely together and develop better and more coordinated strategies.” Dr Helmbrecht concludes.

Large-scale attacks on Critical Information Infrastructure need a coordinated reaction, involving the key players from both the public and private sectors. No Member State, hardware/software vendor, CERT or law enforcement agency can successfully mitigate sophisticated attacks like Stuxnet on their own. ENISA, as an EU body of expertise in Network and Information Security (NIS), is supporting the European Commission’s CIIP action plan. This involves working closely with the Member States and public and private sector stakeholders to secure Europe’s Critical Information Infrastructure.

In 2011, ENISA will support the development of good practices in securing SCADA systems and analyze dependencies of critical sectors on Information and Communication Technologies.

ENISA actively supports a coordinated reaction to large-scale attacks, and will (if called upon) willingly take its role as coordinator and facilitator for appropriate countermeasures.

Several NIS agencies in the EU Member States published information about Stuxnet in their respective languages. Please refer to the ENISA country reports for an overview of security activities in each Member State.
