Introduction
This is my first cyber security book I read and I got hooked into the story from page1 and its real page turner. I am fascinated and amazed at the same time how the digital weapon meets the kinetic warfare. Two decades ago it’s impossible to think someone said they uses computer to sabotage the ICS (Industrial control system). What makes so scary now about the malware is APT(Advance Persistent Threat) crew able to successfully exploit the physical system where computers is not well understood or it’s mainly used for information transferring system at that time so think now what kind of digital weapon is available and its is not disclosed to public knowledge.
This book talks about in great detail of digital weapon and more importantly how it is avoided the detection and stayed hidden without raising any alarms.
About the book
Stuxnet malware is created by United States and Israel APT crews to disrupt the Iran nuclear program. Stuxnet malware involves chaining four zero day vulnerabilities to deliver the malware and exploit the PLC(Programmable Logic Control) Siemens system.
For me personally, some of the key learnings of the malware which I admired:
- Malicious Code contains two parts one is deliver (a.k.a missile?) and other is launch (a.k.a payload) . Missile part is the crucial step to infect the target system or the mechanism to deliver the malware to the target system. In this case malware is initial spread is via USB . Normally ICS is air-gap system that means its not connected to internet (outside world) so the USB is the mechanism to deliver the malware. Second part is to stay hidden and execute the payload . And during the execution time malware gets hands and legs to do the damage.
- Its targeted attack towards the Iran ICS so it has to do the damage only to particular system which is Siemens PLC and also the specific model of PLC without raising any kind of alarm. And if the target is not found malware have to stay quiet without doing any damage and also looking for lateral movement.
- Clever part of the attack not to perform any collateral damage. So it ran as reconnaissance mode for a month and records all the metrics and then exploit the system of pre-determined interval without raising any suspicions to the admin and malware manipulated the dashboard to show everything is working fine.
- Finally, if there is a new version of malware is available ( not sure how it get to know the new version) it updates with new version and communicates / propagates to affected system with the new version of the malware. If I look at it other angle this is suppose to be patch management system should work flawlessly.
Author talks about the genius work done by Symantec engineers who decoded the malware and brought this activity to day light. They spent day and night to reverse engineer the code to understand what is the purpose of the malware and who is the target with some help of Kaspersky.
Conclusion
Stuxnet malware is successful to some extent. I think downfall of this malware it is spread beyond the control of intended purpose. And also, I doubt whether APT crews used zero day vulnerabilities already known to the companies like Microsoft where they didn’t disclose this because of internal bureaucracy. However, its beginning of cyber warfare and its first go-to mechanism to disrupt the systems before engaging in kinetic.
It’s important for every organisation to stay on top of the cyber security posture mainly the Vulnerability Management Process. And I would recommend this book if someone wants to understand the working of malware.
I have throughly enjoyed the book.
Views Expressed” Disclaimer
This disclaimer informs readers that the views, thoughts, and opinions expressed in the text belong solely to the me.