The December 2022 issue of IEEE Spectrum is here!

Close bar

Stuxnet Successor Looking for New Cyber Targets?

Warnings go out to industrial control systems manufacturers and users

2 min read
Stuxnet Successor Looking for New Cyber Targets?

There were reports this week about the discovery of a new "variant" of the Stuxnet worm that was discovered last year. According to news reports like this one at ABC News and one at the New York Times, the new threat - dubbed W32.Duqu by the security company Symantec - is nearly identical to Stuxnet but it apparently has a different purpose.

Instead of being used to attack an industrial control system, W32.Duqu seems to be designed to carry out surveillance to identify system vulnerabilities that can be attacked in the future. As described by Symantec in its security response note (PDF):

"Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

In addition, Symantec reports that W32.Duqu is highly targeted toward specific organizations that possessed particular IT systems, and is designed to stay active for only 36 days and then remove itself.

Symantec also reports that W32.Duqu, which it rates as a very low risk, may have been active as early as December of last year, although it was discovered only recently.

The New York Times article says that W32.Duqu "... could not have been written without having access to the original [Stuxnet] programmer’s instructions" since the original Stuxnet code was never made public.

Vikram Thakur, principle security response manager at Symantec, is quoted in the Times as saying in regard to W32.Duqu:

"This is extremely sophisticated, this is cutting edge."

However, after reading an article published about a week ago in PC World, one cannot help wonder why the programmers behind Stuxnet and W32.Duqu needed to resort to any level of sophistication.

According to the PC World article, industrial control systems seem to be chock-full of IT security holes of varying degrees of operational consequence. In fact, the discovery of Stuxnet last year seems to have sparked major interest in the IT security community to find security holes in various manufacturers' industrial control systems, which the PC World article says, number possibly in the hundreds.

Given the general speculation that the creators of Stuxnet and W32.Duqu are a national security service - those of the US and Israel are frequently mentioned - a conspiracy theorist might think that one purpose of the worm is to highlight the poor-level of IT security in industrial control systems.

But I'm not a conspiracy theorist.

Photo: iStockphoto

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less