Monday 11 October 2010

Stuxnet Updates

And It Wriggles On

There seems yet no end in sight for the Machiavellian malware, second in history only to last year's Aurora attacks. A list of coverage and miscellaneous links (don't want to lose sight of these):
  • Iran continues to blame "Western states" for a plot seeking to frustrate their "peaceful nuclear program".
  • One researcher from Symantec's security response team (actually a co-author of the W32.Stuxnet Dossier) described a possible attack scenario, speculating that the initial attack was already complete before discovery.
  • Dennis Fisher of Kaspersky's threatpost blogged a bit more about the extreme level of sophistication embodied in the worm's construction, casting doubt on the Israel-Iran "cookie-cutter narrative".
  • A Netherlands supplier of industrial sorting systems reported repelling two attacks, while that country's Borssele nuclear power plant also remains on high alert.
  • Slightly off-topic: in a just-published Symantec survey of critical infrastructure providers, more than half report their networks experienced multiple (average 10) "politically motivated cyber attacks" in the past five years, resulting in typical costs of $850,000 per supplier over the period.
Finally, there's this comprehensive treatment by Bruce Schneier (above) of the Stuxnet outbreak, the analyses presented to date, the speculations of the press, and a voice of considered reason amid the hyperbole.

No comments:

Post a Comment