One of the most infamous attacks on a hardened target was performed in 2010, and the result was devastating. Stuxnet was widely known as the most effective cyber-weapon of the twenty-first century.
The target was a hardened nuclear facility in Iran, the objective was to cripple its legacy centrifuges, and the result was far more effective than attempting a tactical airstrike. Bombs and missiles are loud, visual, and can be easily traced back to a country of origin. A cyber-weapon is the complete opposite as its overall success is the ability to obfuscate its origin and cause catastrophic damage.
The Stuxnet worm was believed to be developed by the US and Israeli governments working together to advance interoperability between their cyber capabilities.
Much like some attacks we hear about in the news today (WannaCry Ransomware), the target is often using legacy equipment and protocols, which make it easier for propagation without immediate security controls. Stuxnet targeted SCADA and PLC systems, and WannaCry targeted the SMB protocol. We can easily correlate these two breaches as being one and the same – in reference to the attack methodology; low-hanging fruit. Legacy protocols are often inherited and never fully upgraded, which pose huge risk to the overall infrastructure.
It is imperative that IT professionals across all companies realize the importance of patch cycles, mitigation strategies, and staying current with security solutions that would ultimately prevent these disasters from taking place. Contact our Security Solutions Team!
We must be vigilant, we must be ready, and most of all, we must be educated!
Adam Zimmerman, Security Solutions Architect
With over six years of experience in the technology industry, Adam’s experience covers information security operations, cyber security advisory, penetration testing, and advanced exploitation. Adam’s primary focus is helping organizations build strong security practices and prepare for potential attacks.
Adam holds a Masters in IT Security from the University of Ontario Institute of Technology, where he successfully developed a malware classification tool with a security firm based in Ottawa. Additionally, he has worked on several cyber consulting engagements as a lead security researcher and was able to develop an exploit for the FAA’s NextGen Air Traffic Control Management System.
Adam currently serves in the Canadian Armed Forces as a Second Lieutenant where he holds a command position as a Troop Commander for 32 Combat Engineer Regiment of Toronto; specializing in mobility denial and facilitation, tactical breaching, controlled munitions disposal, and various humanitarian support operations.