Stuxnet Successor Looking for New Cyber Targets?

Warnings go out to industrial control systems manufacturers and users

2 min read

Stuxnet Successor Looking for New Cyber Targets?

There were reports this week about the discovery of a new "variant" of the Stuxnet worm that was discovered last year. According to news reports like this one at ABC News and one at the New York Times, the new threat - dubbed W32.Duqu by the security company Symantec - is nearly identical to Stuxnet but it apparently has a different purpose.

Instead of being used to attack an industrial control system, W32.Duqu seems to be designed to carry out surveillance to identify system vulnerabilities that can be attacked in the future. As described by Symantec in its security response note (PDF):

"Duqu’s purpose is to gather intelligence data and assets from entities such as industrial control system manufacturers in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility."

In addition, Symantec reports that W32.Duqu is highly targeted toward specific organizations that possessed particular IT systems, and is designed to stay active for only 36 days and then remove itself.

Symantec also reports that W32.Duqu, which it rates as a very low risk, may have been active as early as December of last year, although it was discovered only recently.

The New York Times article says that W32.Duqu "... could not have been written without having access to the original [Stuxnet] programmer’s instructions" since the original Stuxnet code was never made public.

Vikram Thakur, principle security response manager at Symantec, is quoted in the Times as saying in regard to W32.Duqu:

"This is extremely sophisticated, this is cutting edge."

However, after reading an article published about a week ago in PC World, one cannot help wonder why the programmers behind Stuxnet and W32.Duqu needed to resort to any level of sophistication.

According to the PC World article, industrial control systems seem to be chock-full of IT security holes of varying degrees of operational consequence. In fact, the discovery of Stuxnet last year seems to have sparked major interest in the IT security community to find security holes in various manufacturers' industrial control systems, which the PC World article says, number possibly in the hundreds.

Given the general speculation that the creators of Stuxnet and W32.Duqu are a national security service - those of the US and Israel are frequently mentioned - a conspiracy theorist might think that one purpose of the worm is to highlight the poor-level of IT security in industrial control systems.

But I'm not a conspiracy theorist.

Photo: iStockphoto

The Conversation (0)