Businesses are advised to re-work their IT security systems as a new type of malware dubbed Stuxnet’s “little brother” has already infected multiple companies.
Stuxnet’s “little brother” Duqu has created some fuss in the world of IT security. The malware carries worrying similarities to last year’s infamous Stuxnet worm, which attacked Iran’s nuclear enrichment centrifuges in June 2010.
Duqu, first noticed in early September 2011, matches roughly 99% of Stuxnet’s software rules, source code and encryption keys. The difference between the two is that Duqu seems to attack various systems aimlessly. So far the worm has infected multiple companies and at least one university, yet it is unclear what particular assets were targeted. This differs from Stuxnet, which had a clear target and objective.
Symantec's analysis describes Duqu as a spying virus. The worm is sophisticated enough to monitor messages and processes. The data and assets it gathers could help the perpetrators mount attacks against an industrial control facility.
Duqu can unlock various types of information, including the design of supervisory control and data acquisition (SCADA) systems. SCADA systems are used at industrial plants and power plants to control functions centrally.
Symantec also suggested that Duqu was written by the same team behind the Stuxnet source code, or at least someone with access to the code.
The malware will likely be as much of a wake-up call to companies’ IT security departments as Stuxnet was before it. It may be time to re-work security around digital certificates and sensitive data.
“Organisations must have a complete inventory of all the certificates from their certificate authority - monitor them and know which ones are within policy - in order to revoke and remove those that are not or they are facing unquantifiable risk,” commented Calum MacLeod, director of Venafi EMEA.