What was Stuxnet?

Attacking Operating Code

The article “Stuxnet: Dissecting a Cyberwarfare Weapon Cyberspace” describes a newly exposed hardware vulnerability that could severely impact the risks to network infrastructure. Unlike traditional hacking, which aims to disrupt operations, steal information, or manipulate systems or information, Stuxnet is a new form of malware that is designed to infiltrate and destroy components.

In 2010, Stuxnet was used to target and destroy a uranium enrichment plant in Iran. Five months later the weapon would appear again in an Iranian security firm in Belarus (Langner, 2011). Unlike malware that is designed to infiltrate and steal or manipulate, Stuxnet targeted specific components in computers to make the equipment malfunction and destroy itself. The malware was successful in destroying over 900 machines and reducing the capability of the uranium enrichment facility to 50% of its normal capacity (Langner, 2011).

To deliver this malware, the malicious code was placed into operating programs via USB devices and by infiltrating origin company networks. Stuxnet would lie dormant until it infiltrated a specific system, and then it would activate and specifically target operating codes (Langner, 2011). According to Langner (2011), the real danger in this form of malware is that it cannot be dealt with in the same manner as normal malware or viruses. Stuxnet targets equipment that relies on operating code. Once it has infiltrated a system, the malicious code is able to replace the operating code of the device (Langner, 2011). Imagine that the operating code that makes a router or modem function were replaced with malicious code, so that every time the device was activated it would lock or shut down. This is what Stuxnet does. As a result of this very targeted method of attack, there is no defense except to replace the remote.


