Stuxnet Virus May Be Most Threatening Malware Ever

A group of cyber-security experts told US lawmakers Wednesday that American facilities could be the next target of the Stuxnet virus. The Stuxnet virus made headlines this past summer when it infected USB memory sticks and attacked Siemens industrial automation systems.

Security experts believe that the virus went beyond the work of an individual prankster and was instead a sinister "game changer". That's because unlike most viruses, which aim either to merely cause disruption or to make money through stealing data or by redirecting web browsers to pay-per-click ads, Stuxnet is specifically designed to attack large corporate computer systems.

Stuxnet Believed to have Targeted Iran Nuclear Facilities

While security experts are uncertain about the origins of Stuxnet and have not conclusively determined the identity or motives of its creators, it's widely believed to have been designed to target Iran's nuclear facilities. Given the controversy over how Iran intends to use those facilities, some believe the attacks were politically motivated.

Now, Sean McGurk, head of the cyber-security division at the Department of Homeland Security, warns that other hackers might extract the code behind Stuxnet and adapt it to attack other infrastructure computer systems, including in the US. (Source: pcworld.com)

MS Windows Operating System at the Heart

According to McGurk, the combination of operating system (Windows) and hardware (Siemens) vulnerable to Stuxnet in its original form is used in systems as diverse as chemical processing, automobile assembly lines and baby formula.

One security firm reports that 50 industrial control systems in the US have already been infected with Stuxnet due to the way it spreads from machine to machine. Thankfully, the damage hasn't been serious because (for the time being) the virus wasn't specifically written to target those facilities. (Source: csmonitor.com)

Businesses Need to Step-Up Computer Security

Another security expert says the most worrying thing about Stuxnet is that it's the type of cyber threat that had always been considered hypothetically possible but, until now, had never been seen in reality.

Michael Assante, chief security officer at the North American Electric Reliability Corp. (NERC), also warned that existing government standards for online security among businesses may have had an unintended effect: while officials see them as a minimum standard, companies see them as the maximum effort they should make.

Assante also noted that private business and public agencies may have to make a cultural change to tackle the problem. He said that, at the moment, the desire to keep security details as secretive as possible is hampering the need for the security community to share information about threats and defenses.