Cyberattack Spotlight: Stuxnet


Prior to 2010, viruses largely remained stuck in the cyber domain. They would ruin someone’s day by deleting files, or maybe cause ads to pop up all over the screen. Modern viruses have come a long way since then – they can burrow deep into your systems and wreak havoc in a moment’s notice.

If you’re skeptical, you’ve probably never heard of the Stuxnet virus. When a security firm from Belarus discovered the virus known as “Stuxnet”, the idea of what a virus could do would never be the same again.

Did you know: 75.6% of organizations encountered at least one successful cyber attack within the past 12 months.

It’s still not clear as to who created Stuxnet. Initially, it was just regarded as just another variation of common malware programs floating around on the web. However, it quickly proved that it was much more than that. Stuxnet directly attacked a uranium processing facility in Nantaz, Iran. The computer system that controlled the plant, known as a supervisory control and data acquisition system (SCADA for short), wasn’t connected to the internet.

In other words, Stuxnet found its way in by avoiding any conventional means.

How Stuxnet Works

Most viruses deploy into systems by having an installer package delivered to the client via an email attachment or a misleading direct download link. Stuxnet used a two-stage attack; it had a delivery phase and an infection phase. During the delivery phase, it attached itself to a Windows-based operating system and laid dormant. Unless you were specifically scanning for it, it would remain inactive and undetectable.

Once the device carrying Stuxnet attached itself to the computers of the uranium facility, it would begin its deployment phase. It jumped to the SCADA system and began its infection of their systems. The operators of the machines added an “air gap” measure that effectively blocked any connections between the SCADA, the connected systems, and the internet. Irrespective of this, Stuxnet got it. To this day, it’s unclear as to how the program managed to jump between the two.

What the Stuxnet Cyberattack Did

Uranium enrichment facilities must keep the purifying machines cool, or risk a nuclear meltdown. To do this, they use powerful centrifuges that spin at a constant rate. Spin too slow, and the uranium overheats. Spin too quickly, and it becomes too cold to be effective. Stuxnet targeted the centrifuges and caused fluctuations in the speed. Everything seemed okay, but in reality the rotors were wearing down and cracking apart.

Did you know: In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors.

The cyberattack was clearly created by masterminds who knew SCADA systems inside and out. Stuxnet also created false reports that would show the centrifuges as operating under normal circumstances. It even went as far as to disable and bypass safety systems that limited the centrifuge speeds. Because the uranium created was cooled at uneven temperatures, it was volatile, unstable, and ultimately unusable.

Stuxnet had completed its mission.

For Good, or For Evil?

The Iranian government claims that it was an act of cyberterrorism – one of the biggest of its kind. Stuxnet disabled the production of the uranium, but it could have just as easily destroyed the plant by sabotaging the graphite control rods. Some speculate that it was a miscalculation and that Stuxnet was just out to destroy whatever it could.

Others, however, see the cyberattack as an act of heroism. The New York Times claimed that Stuxnet was a joint collaboration between Israel and the United States. According to the Washington Post, it was a final phase of the cyber sabotage program known as “Flame”.

Regardless of where it came from or what its intentions were, one thing is clear: Stuxnet completely changed the parameters of what a virus could do. Modern malware and viruses, therefore, should never be brushed aside and ignored.

The Importance of Cybersecurity

You don’t have to be a uranium enrichment facility to know that cybersecurity is important… but it helps. And while a virus in your computer may not put anyone’s life at risk, it can still affect your organization greatly.

Let’s take a modern ransomware virus as an example. Much like Stuxnet, it can burrow deep into your file system and remain dormant. Some of the more advanced variants can go as far as to disable backup services, which negate any chance of recovering data through backup programs. Once they’re inside, they lock all your files and ruin any chance of productivity by causing downtime.

The best defense is to prepare ahead of time. Stuxnet was successful because there were still exploitable gaps in the system. However, cybersecurity protection from a capable partner will protect your organization from having your own Stuxnet incident in the first place.

If you’d like to learn more about Varsity’s cybersecurity capabilities, reach out to us today. We’ll help you establish a more protected network infrastructure that will keep cyberattacks far away from you.