Luxtaxnet: Bankrupt Industrial Control System

1400 Words3 Pages

Dillon Beresford saw Stuxnet as a challenge because he wanted to see if it was possible for a single individual to pull off an attack on a similar scale as Stuxnet that could disrupt industrial control systems. Due to the sophisticated nature of the attack, which used four separate zero-day vulnerabilities, and stolen digital certificates to craft and disguise a complex piece of malware that targeted Siemens SIMATIC Step 7 PLCs, Stuxnet was assumed to be the work of a nation-state. Surely a nation-state might have at its disposal the time and money needed to discover, or otherwise acquire these zero-day vulnerabilities, as well as the man power needed to use these flaws to compile and disguise such a clever cyberattack. An individual on the other hand would never be able to accomplish such an attack, or have such a high level understanding of the interworking of the control systems at the Natanz uranium enrichment facilities. Or so it was thought. Dillon Beresford was intrigued by the assumption that only a nation-state could pull off such a …show more content…

Governments, security companies, and criminals are all potential buyers of zero day vulnerabilities. Security companies buy zero day vulnerabilities in order to gain a competitive edge. They use the zero days to provide their clients with protection from security risks that their competitors are unaware of. Governments often buy zero days to aid in their cyber warfare campaigns, or to protect their own systems from outside attack. Criminals buy zero days in order to exploit computer systems to accomplish malicious tasks such as stealing information, or initiating denial of service attacks. However there is no guarantee that anyone will buy the zero day from Beresford, or that he would be able to sell it before someone else discovered the vulnerability or a patch was

More about Luxtaxnet: Bankrupt Industrial Control System

Open Document