Stuxnet Successor Looking for New Cyber Targets?

Warnings go out to industrial control systems manufacturers and users

2 min read
Stuxnet Successor Looking for New Cyber Targets?

There were reports this week about the discovery of a new "variant" of the Stuxnet worm that was discovered last year. According to news reports like this one at ABC News and one at the New York Times, the new threat - dubbed W32.Duqu by the security company Symantec - is nearly identical to Stuxnet but it apparently has a different purpose.

Instead of being used to attack an industrial control system, W32.Duqu seems to be designed to carry out surveillance to identify system vulnerabilities that can be attacked in the future. As described by Symantec in its security response note (PDF):

"Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

In addition, Symantec reports that W32.Duqu is highly targeted toward specific organizations that possessed particular IT systems, and is designed to stay active for only 36 days and then remove itself.

Symantec also reports that W32.Duqu, which it rates as a very low risk, may have been active as early as December of last year, although it was discovered only recently.

The New York Times article says that W32.Duqu "... could not have been written without having access to the original [Stuxnet] programmer’s instructions" since the original Stuxnet code was never made public.

Vikram Thakur, principle security response manager at Symantec, is quoted in the Times as saying in regard to W32.Duqu:

"This is extremely sophisticated, this is cutting edge."

However, after reading an article published about a week ago in PC World, one cannot help wonder why the programmers behind Stuxnet and W32.Duqu needed to resort to any level of sophistication.

According to the PC World article, industrial control systems seem to be chock-full of IT security holes of varying degrees of operational consequence. In fact, the discovery of Stuxnet last year seems to have sparked major interest in the IT security community to find security holes in various manufacturers' industrial control systems, which the PC World article says, number possibly in the hundreds.

Given the general speculation that the creators of Stuxnet and W32.Duqu are a national security service - those of the US and Israel are frequently mentioned - a conspiracy theorist might think that one purpose of the worm is to highlight the poor-level of IT security in industrial control systems.

But I'm not a conspiracy theorist.

Photo: iStockphoto

The Conversation (0)

How Police Exploited the Capitol Riot’s Digital Records

Forensic technology is powerful, but is it worth the privacy trade-offs?

11 min read
 Illustration of the silhouette of a person with upraised arm holding a cellphone in front of the U.S. Capitol building. Superimposed on the head is a green matrix, which represents data points used for facial recognition
Gabriel Zimmer

The group of well-dressed young men who gathered on the outskirts of Baltimore on the night of 5 January 2021 hardly looked like extremists. But the next day, prosecutors allege, they would all breach the United States Capitol during the deadly insurrection. Several would loot and destroy media equipment, and one would assault a policeman.

No strangers to protest, the men, members of the America First movement, diligently donned masks to obscure their faces. None boasted of their exploits on social media, and none of their friends or family would come forward to denounce them. But on 5 January, they made one piping hot, family-size mistake: They shared a pizza.

Keep Reading ↓Show less