Analysis by Itzik Kotler CTO of Security Art
March 2011 by Marc Jacob
At October 1987, a DOS file virus was detected in Jerusalem, Israel. The virus, known as “Jerusalem” contained one destructive payload that was set to go off on Friday the 13th, all years but 1987. On that date, the virus deletes every program file that was executed. In April 26, 1999 a Microsoft Windows computer virus called CIH (aka. Chernobyl) payload was delivered for the first time. CIH is one of the most damaging viruses, overwriting critical information on infected system drives, and more importantly, in some cases corrupting the system BIOS.
In July 2010, a Microsoft Windows computer worm called Stuxnet was discovered. Stuxnet targets industrial software and equipment, and is the first malware to include a programmable logic controller rootkit. Speculations are that it caused months setback to the Iranian Nuclear Program.
Viruses and Malwares that creates damage are nothing new, but Stuxnet is not just any Virus’ it’s a cyber-weapon. A cyber-weapon that pushes the concept of cyber warfare into the realm of possible. Today it’s a country that seeks to destroy another nation and tomorrow it’s a commercial company that seeks to make a rival company go out of business.
Click, Click, Boom
Can Software cause damage to Hardware? Yes. Software controls Hardware and it can instruct it to perform damaging operation. Software can also damage other software in the hardware that makes it work. And last, but not least, Software controls the Hardware and can make it perform operation that will result in damaging another different hardware. This is all leads toward Permanent Denial-of-Service, an attack that damages hardware so badly that it requires replacement or reinstallation of hardware.
Permanent Denial-of-Service attacks are ranging from rendering devices such as iPhones, iPod and iPads useless to crashing hard drives, and to increasing the voltage within CPU’s. The damage potential is huge, almost anything and everything is controlled by software that can be modified or attacked and as a result cause a real life damage and sabotage.
Stop Me If You Can
Depends on the Permanent Denial-of-Service attack, it can be mounted either remotely or locally. For the local part, a Permanent Denial-of-Service attack payload can be embedded into a malware much like Stuxnet. Getting infected with malware is usually much easier than detecting it, or getting rid of it.. An attacker has multiple ways to infect the company’s employee using client-side vulnerabilities, social networks and social engineering to deliver the malware.
Once the malware is executed it does not have to set off immediately but rather can wait and be triggered as part of an orchestrated attack. The trigger to star the Permanent Denial-of-Service attack can be anything from a predefined date to command sent from the attacker itself. Such campaign will be known as Advanced Persistent Threat (APT) and as in the case of APT the detection rate of anti-virus products will be lower, if at all.
Day after Tomorrow
Cyberwarfare is expected to hit the commercial market in the next few years and we will see more and more companies been attacked by APT that will “blow up” in their face. Today it’s a nation that seeks to harm another nation and tomorrow it’s a commercial company that seeks to make a rival company to lose business. There is no silver bullet for it, this threat requires a threat modeling that reflects not only technological understanding but also business understanding. The company needs to know where their assets are and how to protect them. Not all threats are equal and not all the risks worth the time and money to deal with. A targeted attack means there’s one or more failure points that the attacker can exploit and the company should be ready to detect and mitigate any attempts to strike them. It’s a challenge, the company needs to protect 100% of the attacks while the attacker needs only to succeed once, and that one time is enough to cause considerable damage.
Program of the France Israel Cyber Security Forum, Monday 4th April 2011 at the Paris Chamber of Commerce HQs : click here.
Copyrights Nanojv: http://nanojv.com