All the latest UK technology news, reviews and analysis


Governments preparing Stuxnet 2.0 malware for nuclear strike

03 Dec 2013
Cooling towers at a nuclear power station

The Israeli and Saudi Arabian governments are working to create a new, even more destructive variant of the notorious Stuxnet malware, according to local Iranian news outlet Farsnews.

Farsnews reported that an unnamed source with links inside the Saudi Arabian secret service confirmed the news, warning the two nations plan to use it to further disrupt Iran's nuclear power program.

"Saudi spy chief Prince Bandar bin Sultan bin Abdulaziz Al Saud and director of Israel's Mossad intelligence agency Tamir Bardo sent their representatives to a meeting in Vienna on 24 November to increase the two sides' co-operation in intelligence and sabotage operations against Iran's nuclear program," claimed the unnamed source.

"One of the proposals raised in the meeting was the production of a malware worse than the Stuxnet (a comprehensive US-Israeli program designed to disrupt Iran's nuclear technology) to spy on and destroy the software structure of Iran's nuclear program."

The original Stuxnet malware was uncovered targeting Iranian nuclear systems in 2010, and is believed to have been a joint project between the US and Israeli governments. The malware is considered a game changer in the security community for its ability to physically sabotage systems in power plants.

It is currently unclear if the Farsnews report is accurate, though director of security strategy at FireEye Jason Steer said it is certainly plausible.

"Given that this has already happened with Stuxnet, it is certainly more than plausible to believe that Stuxnet 2.0 is also possible. One would be naive to assume it wouldn't happen again. With the change in relationship between Iran and the US, it is highly likely that Israel and Saudi Arabia united to try and negate the threat of nuclear bombs on their front door,” he said.

The original Stuxnet worm hijacked control of Siemens industrial control systems, then forced them to alter key processes to damage machinery. The malware has since managed to spread outside of Iran and has affected several other power plants, some close to Europe.

Steer told V3 that, given how successful the original Stuxnet was at spreading, the fallout of a more advanced variant could be devastating for power plants, but will be of little concern to most regular businesses.

“Stuxnet was pretty powerful at disrupting the SCADA environment it was introduced to and has since jumped and gone into the wild – where it has even appeared on the International Space Station and Russian power stations, that we are aware of. So we should expect Stuxnet 2.0 to have an impact of a similar nature,” he said.

“Most businesses don't run SCADA [supervisory control and data acquisition] systems so unless you run a refinery, oil pipeline or something similar, then they will be safe from these types of industrial-style attacks. Most businesses should be more worried about the cybercrime attacks that wash up via email and on web pages their employees surf to every day that will enable remote access capabilities to their network, like Zeus and Houdini, that are exfiltrating data out of their business.”

Security tycoon Eugene Kaspersky confirmed in November that at least one Russian Nuclear Plant has been very badly infected by Stuxnet. Security experts have since said it is only a matter of time before a Stuxnet infection is discovered in the UK.

Attacks on critical infrastructure areas, such as power, are a growing problem facing governments and businesses. Numerous other cyber attacks have been uncovered hitting companies involved in critical infrastructure areas, and many of these attacks are currently believed to stem from China.

  • Comment  
  • Tweet  
  • Google plus  
  • Facebook  
  • LinkedIn  
  • Stumble Upon  
Alastair Stevenson
About

Alastair has worked as a reporter covering security and mobile issues at V3 since March 2012. Before entering the field of journalism Alastair had worked in numerous industries as both a freelance copy writer and artist.

View Alastair's Google+ profile

More on Security
What do you think?
blog comments powered by Disqus
Poll

Tech gifts for Christmas 2014

Is a new tablet on your wish list this festive season, or have they become yesterday’s fad?
12%
22%
14%
7%
45%

Popular Threads

Powered by Disqus
iPhone 6 is available in silver gold and space grey

iPhone 6 video review

The best iOS handset to date

Updating your subscription status Loading
Newsletters

Get the latest news (daily or weekly) direct to your inbox with V3 newsletters.

newsletter sign-up button
hpv3may

Getting started with virtualisation

Virtualisation can help you reduce costs, improve application availability, and simplify IT
management. However, getting started can be challenging

ibmv3may

Converting big data and analytics insights into results

Successful leaders are infusing analytics throughout their organisations to drive smarter decisions, enable faster actions and optimise outcomes

Systems Administrator - UNIX - Global Software company - Hertfordshire

Systems Administrator – UNIX systems – Windows / VMware...

Oracle 11g SQL 2008 Developer (Unix, Oracle RAC, Mirroring)

Oracle 11g SQL 2008 Developer (Unix, Oracle RAC, Mirroring...

Front Office Developer (Excel VBA, C#, Derivatives, Trading flo

Front Office Developer (Excel VBA, C#, Derivatives, Trading...

Telecoms Principal Consultant

Our client is one of the globes leading Technology and...
To send to more than one email address, simply separate each address with a comma.