Stuxnet Cousin Can Hit ICSes

Monday, August 13, 2012 @ 06:08 PM gHale

After more analysis on the new virus called Gauss, it seems the tool has capabilities to attack national critical infrastructure and steal financial data.

While not confirmed, it appears as though the same masterminds behind this virus is the same as those that were behind the state-sponsored Flame and Stuxnet. ISSSource reported the masterminds behind Stuxnet and Flame were the U.S. and Isreael.

Stuxnet Fears: Iran Ministries Air Gap
Iran: ‘Massive Cyber Attack’ Detected
India on Stuxnet Alert
Flame Out: Certificate Management Changed
Flame Keeps Security Wags on Alert
Talk to Me: Stuxnet, Flame a Global Alert
Stuxnet Warfare: The Gloves are Off
Flame: ‘20 Times Larger than Stuxnet’
New Stuxnet Waiting for Green Light
Stuxnet Loaded by Iran Double Agents

Researchers at Kaspersky Labs discovered Gauss in June and it has already infected personal computers in Lebanon and other countries in the Middle East.

The sophisticated malware, which not only steals system information but has a potentially dangerous “mysterious payload,” also contains a module known as Godel which researchers have concluded contain a weapon for attacking industrial control systems.

Ross Brewer, vice president and managing director for international markets, LogRhythm, has made the following comments:

“This latest malware discovery clearly shows a developing trend of sophisticated cyber weapons, like the Stuxnet, Duqu and Flame viruses, which aim to take control of critical national systems. While Gauss’ initial purpose appears to be the theft of financial information, its inclusion of the ‘Godel’ module further proves that cyber warfare tactics between nation states can result in significant damage to physical infrastructure.

“A large proportion of today’s cyber security breaches – whether cyber espionage exercises such as data theft or full on cyber attacks that take control of critical systems – are a result of organizations lacking visibility into the activity taking place across their networks.”

Traditional perimeter cyber security defenses such as anti-virus software just aren’t enough to ensure protection, particularly as Gauss’s “cousin,” the Flame virus, avoided detection from 43 different anti-virus tools and took over two years to detect.

Critical infrastructure users need to keep a continuous monitoring of all log data generated by IT systems, so make sure there are not any aberrant network activity. And if there is to identify, anlyze and remediate it in real time.

Especially relevant in the detection of attacks on control systems like SCADA (supervisory control and data acquisition), constant monitoring of IT network log data also provides the traceability required to identify patterns in seemingly unrelated incidents enabling damage limitation strategies to be enacted before any destruction of national infrastructure can occur.

Leave a Reply

You must be logged in to post a comment.