Top security exec: Beware the ‘sons of Stuxnet’

The virus that compromised Iran’s nuclear infrastructure is a model of things to come, and Israel is not immune

Map of countries affected by the Red October malware. (Screenshot Courtesy Kaspersky Lab)

Stuxnet was, according to many security analysts, a major success. The worm that targeted the industrial control systems of Iran’s nuclear facilities significantly delayed the progress of that country’s nuclear program, most experts agree.

But the success of Stuxnet wasn’t just in its effect on Iranian computers. The fact that the worm was able to penetrate so deeply and effectively into a system that was, no doubt, protected very securely was a testimony to the skills of the team that developed the program.

That is the kind of success that inspires copycats and leads hackers to develop “offspring” building on the sophistication and reach of the original, said Sergey Novikov, deputy director, global research & analysis team at Kaspersky Lab.

Novikov was in Israel recently to introduce Kaspersky’s new security product, Endpoint Security for Business. As part of the launch, he gave a presentation on the computer security situation worldwide and in Israel in particular.

With all the publicity surrounding Stuxnet and Flame (which Kaspersky Lab head Eugene Kaspersky last year called “the beginning of the end of the world as we know it”), one would expect that awareness of the security risks in unprotected surfing would be high and that companies would be taking every possible precaution.

But there is still a long way to go. During the first five months of 2013, new viruses, Trojans and other malware were being discovered at twice the rate of the same period in 2012: roughly one new sample every half-second, or about 200,000 per day.

Nevertheless, some three-quarters of the IT decision makers and managers in large enterprise companies are convinced either that they are ready for the onslaught — even though, a Kaspersky Lab poll showed, most had no idea of the extent and power of today’s malware — or that “it won’t happen to us.”

Another one-quarter of top computer system managers in these companies were aware of the dangers, but said that they could not justify to their bosses the cost of the major security overhaul that was necessary. Meanwhile, that same poll showed that 91% of the IT managers themselves had, in the past year, been the victim of a serious attack.

If those managers are heading up security at an electric, gas, water or other infrastructure company, said Novikov, “then we all have a lot to worry about,” because such systems are becoming popular targets for hackers. Until very recently, hackers were content to break into bank accounts, corporate systems, email accounts and the like to gather information on individuals or companies. The newest trend, however, is state- or organization-sponsored attacks.

Much like Stuxnet, which according to most analysts was put together by a highly professional team of state-sponsored hackers (both Israel and the US are suspected), the more recent Red October attack was also said to have been launched by a state or state-sponsored group. That attack targeted computers in diplomatic missions and embassies, science labs and government offices around the world, and its malware was found to have been transmitting information to unknown parties (China is considered a prime suspect).

To get to those sites, hackers presumably had to work around numerous layers of protection. And it’s just a matter of time, said Novikov, before these groups begin targeting infrastructure in enemy countries, either to extort concessions from their victims, or as an act of terror or war.

“At this point, we should expect such infrastructure attacks anytime and anywhere,” Novikov told The Times of Israel. “It’s just a matter of time before someone pulls one off, and it will have a huge impact.”

Israel is in no way immune to such attacks, warned the Kaspersky deputy director. “Israel is in better security shape than many countries in places like Eastern Europe and the former Soviet Union countries, but many EU countries are more cyber-secure than Israel.”

Then there are the threats from the cloud — “Why spend time attacking individual computers for information when you can attack a database in the cloud and get a lot of information for the same effort?” Novikov asked rhetorically — as well as the threats from unsecured mobile devices (the vast majority do not even have basic anti-virus protection, he added).

And there are the enhanced “social engineering” techniques users face today, which try to convince users to click on links that silently install malware, enslaving their machines or devices to one of the fast-growing “botnets” that cause all sorts of online trouble. Israel, like the rest of the world, faces these dangers daily, and only with sharp and constant vigilance — and a lot of luck — can individuals and companies avoid becoming victims. (Of course, he added, installing his company’s security products is a great way to avoid being attacked.)

“We are going to be seeing many ‘sons of Stuxnet,’ much more sophisticated malware in terms of its reach and capabilities,” Novikov added. “We, indeed, do live in interesting times.”
