Duqu location found. Son-of-Stuxnet Can be Stupid. Eric Byres has a very interesting blog post over at TofinoSecurity.com about the next stage in the evolution of ‘sophisticated’ control system attack tools based upon the Stuxnet model, what he calls Son-of-Stuxnet.
Eric does a great job of explaining the whole thing so I won’t do much more than point you at his blog and strongly recommend that everyone with an interest in chemical facility security or cyber security for industrial control systems should read and re-read Eric’s fine words. Okay, you didn’t really think that I would stop there, did you? I would like to amplify one point that Eric makes about the need for process knowledge to develop a Son-of-Stuxnet attack. “Son-of-Stuxnet” - Coming Soon to a SCADA or PLC System Near You. In the past two months, the number of serious security vulnerabilities being reported in SCADA and ICS products has sky rocketed.
In late March, I blogged about how Luigi Auriemma published 34 vulnerabilities (with free exploit code) for 4 popular HMI packages. Within days, 3 more vulnerabilities were announced (one by Joel Langill, with details submitted to ICS-CERT). By the end of May, ICS-CERT had released 11 new security advisories for SCADA and ICS products, many containing multiple vulnerabilities. Last week’s bad news about ICS security was that security researcher Dillon Beresford had discovered new vulnerabilities in the Siemens S7 line of PLCs. According to Wired Magazine, Beresford found multiple vulnerabilities in the Siemens products.