Computers are taking over manual labor at an unprecedented rate. Currently, 29% of all labor is automated. It is expected that, in the US alone, 38% of jobs will be automated by 2030. This increasing level of automation also paves the way for new forms of attack by domestic or foreign actors: cyber-physical attacks.
In 2010 a new kind of computer virus was discovered in nuclear facilities in Natanz, Iran. The virus targeted PLCs (programmable logic controllers) that controlled centrifuges in uranium enrichment facilities. It is widely believed that the virus’ primary target was the nuclear program of Iran.
Since most critical infrastructure networks are disconnected from the general-use internet, infecting the computers from the internet was not possible. The Stuxnet virus infected computers in the Natanz facility by way of an external USB thumb drive. The thumb drive was inserted by a mole working for a Dutch front company in Iran. A dropper and a payload were then installed on the computer. The dropper checked whether the attack conditions were met, whilst the payload contained the actual malware.
The virus started by checking whether Siemens Step 7 PLCs were connected to the infected computers. If this was the case, the virus would release its payload: a rootkit that allowed full control of the centrifuges. Under regular circumstances the centrifuges were spinning at about 53000 rpm; Stuxnet, however, altered the speeds to 83000 rpm and 120 rpm. The odd part is that the difference in centrifuge speed could be heard by the engineers at the plant, yet no one noticed any anomalies.
The Duqu malware is related to the Stuxnet code, in that it is suspected to have been created by the same people who are behind Stuxnet. The Duqu code, however, is not yet ‘dangerous’. It currently works by scanning for industrial control systems with vulnerabilities that can potentially be exploited. There is no payload defined yet. However, in the future there might be a potentially dangerous payload.
It is widely claimed that the people behind Duqu are the same as the people behind Stuxnet. The cybersecurity scene believes that Duqu and Stuxnet are part of Operation Olympic Games, a joint cooperation between the United States, Israel, Germany, and the Netherlands.
To conclude, new computer viruses that may potentially target physical facilities are developed each day. Cyber-physical attacks are a new form of cyber-attack that may gain traction in the near future.
This article is written by Berke Aslan