Alert Indian Government's Cyber Defense Team Thwarted Stuxnet Bug Threat
According to the Department of Information Technology's Computer Emergency Response Team (CERT-In), it averted major trouble in India's energy sector by identifying the Stuxnet worm threat in July 2010 and advising state-run firms on workarounds to avoid attacks on the computer systems controlling their procedures or actions.
CERT-In Director General Gulshan Rai wrote to the Power Ministry and to P K Singh, Director (vigilance) of the Oil Ministry, on 24th July 2010, stating that they had found malicious software abusing a recently revealed zero-day flaw in the way Microsoft Windows Shell handles shortcut files, as reported by 'THE TIMES OF INDIA' on 12th Oct. 2010.
Immediately after the report, P K Singh cautioned that Stuxnet was attacking particular parts of SCADA systems. The Trojan installed by the malicious software detects the SIMATIC WinCC and PCS 7 software programs from Siemens.
Commenting on the warning, Singh stated that it was so hazardous that it could also have attacked through network shares and through web-based distributed authoring and versioning (WebDAV), as it is known in industry jargon: a set of extensions that helps users modify and manage files on remote web servers, as reported by 'Intv live' on 12th Oct. 2010.
Furthermore, security experts cautioned that the malware is quite difficult to detect because it protects itself with a custom malware protector to stay unrecognized by the majority of anti-virus products.
It was believed that the Stuxnet worm had hit the Indian Space Research Organization's INSAT-4B satellite, which also uses the Siemens S7-400 PLC and SIMATIC WinCC. However, Indian Space Research Organization (ISRO) officials rejected the likelihood of the lethal Stuxnet internet worm attacking the INSAT-4B satellite on 7 July 2010, as reported by 'THE TIMES OF INDIA' on 12th Oct. 2010.
CERT-In has advised the ministries on workarounds and other countermeasures to mitigate the threat until safe patches, or software upgrades, become available to block the Stuxnet malware completely.
Furthermore, security experts think that independent cyber security researchers should be supported to take up such causes, as it is not possible to depend completely on CERT-In.
» SPAMfighter News - 22-10-2010