Stuxnet updates: October

Following reports that the Stuxnet code has been published on the internet, for anyone with malicious intent to copy as they desire, Norman Data Defense systems warn that it is more important than ever to review security systems in use on industrial SCADA systems. A webinar will be aired on 28th October to discuss this further.
David Robinson, UK and Ireland country manager, Norman Data Defense said: ‘It was just a matter of time before the Stuxnet code was published on the web for anyone, with even the most basic knowledge of coding, to alter and potentially wreak havoc on the industry. Now is the time to review IT security, no matter how small the risk. This is big news.’
‘This new type of virus has a boot file built-in and now that the code is in the hands of any malware writer it could mutate very quickly’ added Robinson, who will host a webinar on the subject on 28th October at 2pm BST at Robinson has fifteen years experience working with companies such as Mistubishi, Rockwell and Intelluition working on SCADA and plant intelligence software.
But it’s not just memory sticks that can spread this virus. ‘These days anyone with a laptop or a device that connects remotely to a wireless network inside a company’s firewall, is putting that company at risk. It will just be a matter of time before Stuxnet or its successors are evolved to wreak havoc on control systems and any other system that the user connects to if their laptop or portable device is infected.’
Norman Data Defense recently carried out research among ordinary workers and found that over half of people surveyed are more cautious with security issues when using their own PC/laptop that they are with their work one. And over three quarters of people would expect a pop up to appear on their screen to alert them to a breach of security which of course is not always going to happen.
Microsoft has issued patches to help users on Windows systems to protect themselves against Stuxnet, but, warns Robinson: ‘My fear is that, with patch management protocols rarely in place in a control system environment, these warnings will go unheeded.’