Stuxnet just the tip of the iceberg

Security experts from the SANS Institute said that they have found multiple instances of Stuxnet-like malware tailored to attack specific industrial systems.

The discovery of the Stuxnet worm shook the industry after it emerged that the malware contained code designed to modify programmable logic controllers in the frequency converter drives mainly used to control motors in uranium enrichment facilities.

(Power to the people image, by Adrian Boliston, CC2.0)

Experts said the Stuxnet code is designed to push the frequencies of a uranium converter to above 1400Hz, then drop it to about 2Hz, and raise it back up to sit on 1000 Hz. This effectively prevents or at least depletes uranium production.

SANS Institute member Dr Eric Cole, who chairs the US President's Cyber Commission and has some 20 years' industry experience, said he has witnessed four similar attacks targeted at specific industries.

"I know of a recent case where four companies within the manufacturing sector were targeted by one of many [zero-day] attacks," Cole said.

"From the forensic evidence, it seems the attackers were after some particular intellectual property and were well organised and methodical."

Cole said companies stay mum on the breaches which make it difficult to determine the scale of the problem.

Security researcher Stephen Sims said "reputable" companies will pay programmers hundreds of thousands of dollars for zero-day exploits with remote code execution capability.

"This happens — it's not make believe," Sims said.

"Major operating system patches and updates are like triggers for people looking for exploits, and the financial reward means an almost unlimited supply of new threats will continue to emerge."