2011 Security Predictions #1: Stuxnet Will Get Monetized

January 4, 2011

Prediction #1: Stuxnet Will Get Monetized. Stuxnet got a lot of press in 2010, and with good reason (even to the point where those clever, clever blackhats liberally used the term as part of an SEO campaign to get terrified SCADA managers to install malware). The target of Stuxnet was actually quite limited (Siemens PLC controllers), and most of the democratized world is probably not shedding too many tears over the fact that the nation of Iran has been the primary infected target. However, the problem with Stuxnet (at least, for whitehats) is its complex, monolithic nature: multiple zero-day exploits, stolen valid digital certificates, and both user- and kernel-mode rootkits, all in a single, convenient executable package. One word: nasty.

Of course, it won’t be long into the new year before blackhats take this model and convert it into something more easily monetizable: the target and payload will be modified to go after systems that contain cardholder data (to facilitate credit card fraud), PHI data (to enable Medicare fraud), and other personally identifiable consumer data that is the bread-and-butter target of cybercrime.  Next year, I predict we’ll have at least one reported major data breach associated with a Stuxnet variant.  Keep scanning the PRC database for the first one.

