industrial control

Researcher: Holes Abound in Chinese SCADA

The researcher who discovered a hole in a prominent SCADA software package used in China claims that holes in the country’s SCADA systems aren’t uncommon, and blames a lack of transparency for the vulnerabilities.

All Eyes on Stuxnet at Annual Virus Researcher Summit

Researchers will reveal new details about the Stuxnet virus at the annual Virus Bulletin Conference in Vancouver this week.

The world will know more about the mysterious Stuxnet virus by week's end, after top virus researchers reveal the findings of their post mortem on Stuxnet at the annual Virus Bulletin Conference. Researchers from Microsoft, Kaspersky Lab and Symantec are scheduled to reveal more than has been previously known about the mysterious virus, which was first identified in July and has been spreading steadily around the world, targeting industrial control systems manufactured by Siemens.

In a joint presentation, researchers from Microsoft and Kaspersky Lab will discuss the findings of a joint analysis of the Stuxnet virus, detailing how the virus leveraged unpatched and, for the most part, unknown holes in Microsoft's Windows operating system to infect and spread over computer networks. Among the questions that experts would like to answer are the origin of the virus, its exact purpose and how it was able to spread between the protected and isolated infrastructures of some of the world's top nuclear facilities.

In a separate presentation, Liam O Murchu of Symantec will reveal details of his analysis of the worm's inner workings. O Murchu is one of a handful of researchers credited with discovering Stuxnet's use of a vulnerability in the Windows Print Spooler Service to compromise and spread between networked Windows systems.

Recent weeks have brought a string of sensational revelations about Stuxnet that have stoked speculation in security and political circles. Analysts long suspected that the virus, widely recognized as one of the most sophisticated threats ever to be publicly disclosed, was designed with a specific target or targets in mind and had nation-state backing. Subsequent analysis of outbreak data from Symantec in recent weeks turned the spotlight on Iran as a likely target and state-sponsored hackers working for the U.S. or Israeli army as likely sources for Stuxnet, which may have been written to quietly disable nuclear enrichment facilities in Iran, an assertion reinforced by industrial control experts and not disputed by the intelligence community.

However, each week has also brought new revelations that cloud the Stuxnet picture at just the moment it seems to be coming into focus. Researchers at both Kaspersky and Symantec have publicly questioned the consensus that Iran's nuclear facilities were Stuxnet's clear target, citing infection data from India and other countries that rivals that of Iran. O Murchu also noted that the Print Spooler Service hole that he and researchers from Kaspersky Lab independently discovered and reported to Microsoft's Security Response Center had been publicly revealed almost a year earlier in the pages of the Polish hacking magazine Hackin9.

O Murchu also revealed on a Symantec blog that the Windows shortcut file (LNK) vulnerability that Stuxnet used to jump from portable media devices to Windows systems was a late addition to the virus. Earlier versions of the worm had, instead, exploited the Windows AutoRun feature to infect Windows systems. That suggests that Stuxnet may have been spreading in the wild for much longer than researchers had previously believed, muddying the picture still more.

The most sought-after information concerns the three as-yet unpatched Windows vulnerabilities used by Stuxnet. Attendees at Virus Bulletin will be looking for any details about those holes or about other Stuxnet capabilities that are as yet unknown.
