All the latest UK technology news, reviews and analysis

Stuxnet: UK and US nuclear plants at risk as malware spreads outside Russia

11 Nov 2013
Cooling towers at a nuclear power station

Security experts have warned the notorious Stuxnet malware has likely infected numerous power plants outside of Russia and Iran.

Experts from FireEye and F-Secure told V3 the nature of Stuxnet means it is likely many power plants have fallen victim to the malware, when asked about comments made by security expert Eugene Kaspersky claiming at least one Russian nuclear plant has already been infected.

"[The member of staff told us] their nuclear plant network, which was disconnected from the internet [...] was badly infected by Stuxnet," Kaspersky said during a speech at Press Club 2013.

Stuxnet is sabotage-focused malware that was originally caught targeting Windows systems in Iranian nuclear facilities in 2010. The malware is believed to originally have been designed to target only the Iranian nuclear industry, but subsequently managed to spread itself in unforeseen ways.

F-Secure security analyst Sean Sullivan told V3 Stuxnet's unpredictable nature means it has likely spread to other facilities outside of the plant mentioned by Kaspersky.

"It didn't spread via the internet. It spread outside of its target due to a bug and so it started traveling via USB. Given the community targeted, I would not be surprised if other countries had nuclear plants with infected PCs," he said.

Director of security strategy at FireEye, Jason Steer, mirrored Sullivan's sentiment, adding the insecure nature of most critical infrastructure systems would make them an ideal breeding ground for Stuxnet.

"Stuxnet has mostly spread by USB and CD rom using removable drive vulnerabilities in Windows to date and continues to spread using remote calls to talk to and infect other computers on the network," Steer told V3.

"Many of these control systems are not connected to the internet, because they are so old and delicate that they cannot withstand any serious probing and examination, and frankly are not designed to connect to the internet as they are so insecure. Getting a vulnerability to a network not connected is not so difficult anymore if it's important enough."

Steer added the atypical way Stuxnet spreads and behaves, means traditional defences are ill equipped to stop, or even accurately track the malware's movements.

"It's highly likely that other plants globally are infected and will continue to be infected as it's in the wild and we will see on a weekly basis businesses trying to figure out how to secure the risk of infected USB flash drives," he said.

"When a PC is infected, the malware does many clever things, including not showing all the things that are on the USB so it's impossible to know if the USB is to be trusted or not and, as we know, using AV signatures doesn't solve some of these issues either."

Critical infrastructure networks' poor security and their use of outdated Windows XP and SCADA systems - industrial control software designed to monitor and control processes in power plants and factories - have been an ongoing concern for industry and governments.

Prior to Kaspersky's claims, experts Bluecoat Systems and the Jericho forum argued at the London 2012 Cybergeddon conference that critical infrastructure providers opened themselves up to cyber attacks by prematurely moving key systems online.

The US Department of Defense (DoD) said the premature move online is doubly dangerous as Chinese hackers are skilled enough to mount Stuxnet-level cyber attacks on critical infrastructure.

The use of XP in power plants is set to become even more dangerous as Microsoft has confirmed it will officially cut support for the 12-year-old OS in less than a year. The lack of support means XP systems will no longer receive critical security updates from Microsoft.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus

Devices at work poll

Which device do you use most for work?

Popular Threads

Powered by Disqus
LG G Flex 2 hands-on review

CES 2015: LG G Flex 2 video

A closer look at LG's latest curved-screen smartphone

Updating your subscription status Loading

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging


Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Account Manager - Hotels TH-Bangkok

Account Manager - Hotels - English Language - Sales...

Java Developer - 60k+ - London + Android

Austin Fraser have the pleasure to work with the market...

Project Manager (Trading Systems, Front Office, Middle Office)

Project Manager (Trading Systems, Front Office, Middle...

Content Manager / Language Specialist - Dutch & English

Content Manager / Language Specialist - Dutch &...
To send to more than one email address, simply separate each address with a comma.