Stuxnet Gets a New Stablemate: MiniFlame
The famous (or notorious) Stuxnet worm, said to have wrecked thousands of centrifuges used in Iran's nuclear program, has turned out to be only the first in a series of "state-sponsored" cyber weapons deployed in the Middle East. Others, evidently developed in the same shop, include Duqu, Flame, and Gauss; the last two seem designed specifically for cyber espionage.
Now there is a new member of the family, dubbed MiniFlame. It is evidently built on the same platform as Flame, hence the name, but for a different purpose: serving as a backdoor that gives its operators direct access to infected machines.
For the IT community at midsize firms, MiniFlame is one more reminder that the era of cyber espionage and cyber warfare is now upon us. And while the action is centered in the Middle East, the Web pays little attention to boundaries. Nor do the weapons that propagate through it. Even midsize firms that have no obvious connection to the Mideast could find their systems in the cyber warfare crosshairs.
As Lucian Constantin reports at InfoWorld, security firm Kaspersky Lab has discovered the latest member of a cyber-weapon family targeting the Middle East. Stuxnet was the first of these (at least the first to become known). It evidently took control of the programmable logic controllers driving the centrifuges, altering their speed until the machines damaged themselves.
Flame and Gauss had technical features that marked them as products of the same software shop. But instead of physically wrecking devices, their mission was espionage: stealing files from thousands of infected machines. Gauss specifically targeted banks and other financial institutions, harvesting online banking credentials.
Kaspersky has found that MiniFlame, though built on the same platform as Flame, serves yet another mission; the firm describes it as "a high precision espionage tool." According to Kaspersky senior researcher Roel Schouwenberg, MiniFlame "serves as a back door, which gives the operator direct access to an infected machine."
The Kaspersky researchers say that both attackers and victims remain unknown. But this family of cyber weapons has been widely attributed to Western intelligence agencies, possibly the U.S., Israel, or both working together.
The Washington Post has reported on yet another cyber weapon, the data-wiping Shamoon virus that struck Saudi Aramco in August 2012, which may have been launched by the other side, most likely Iran.
Such "state-sponsored" malware raises cyber-security threats to a new level. And while the cyber conflict is centered on the Middle East, broader targeting cannot be ruled out. Midsize firms may find themselves in the crosshairs for a variety of reasons: other firms they do business with, projects of strategic interest to intelligence agencies, even employees who have become involved in Middle East issues.
For IT managers at midsize firms, such threats are one more reason to emphasize best-practice security measures. Strong authentication policies and prompt application of update patches cannot guarantee protection against sophisticated cyber weapons: Stuxnet, for one, spread through vulnerabilities that had no patch when it was first found and used stolen code-signing certificates to look legitimate. But those same holes were closed once fixes shipped, and the techniques these tools pioneer are quickly copied by less sophisticated attackers. Failure to enact good security practices makes the risks to midsize firms that much greater.
This post, by Rick Robinson, was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.