Cybergeddon: The five doomsday hacks you don’t want to happen
Scenario 1. Zero-day worms attack critical national infrastructure
Security experts agree that the most plausible worst-case scenario would be an attack on national critical infrastructure. Elad Sharf, security research manager at Performanta, suggests the “zero-day worm” would likely be the weapon of choice.
The rapid distribution capability of a worm, when combined with the unknown impact of a zero-day attack, could potentially be devastating. We’ve seen it before with Conficker, a worm that infected seven million machines within a year of launch in 2008 and still resides on an estimated one million of them today. “Despite research demonstrating that the Conficker virus didn’t have an end-goal or specific purpose, it still caused havoc, including causing fighter planes to be grounded and infecting military systems, including 75% of the Royal Navy fleet,” said Sharf. “The worst-case scenario for a zero-day worm is extreme: it could rapidly disable vast swathes of military and civilian infrastructure… as a prelude to even greater tragedy.”
Zero-day worms could infect industrial control systems, known as SCADA (supervisory control and data acquisition). SCADA sits at the heart of almost everything, be it a nuclear power plant, a water-treatment plant or a system controlling traffic flow.
States have already performed SCADA attacks, such as an alleged joint US-Israeli strike against the Natanz uranium-enrichment plant in Iran using the Stuxnet worm, with a payload of four zero-day exploits. The attack, which has never officially been confirmed, sabotaged Iran’s nuclear programme by destroying the centrifuges used for separating nuclear material. By attacking the plant’s SCADA systems, the worm did enough damage to shut it down. The plant systems were even air-gapped – not connected to the outside internet or networks – but the worm still managed to infect them, most likely via contractors with USB drives. Stuxnet was a targeted attack, with a very narrow focus. Imagine how much damage could be done if such an attack were broadened. “If you were working with other malicious actors, and putting together a co-ordinated effort, you can probably disrupt multiple services in small and medium-sized countries,” warned Stephen Coty, chief security evangelist at Alert Logic.
If an attack on the power grid, for example, lasted several days and led to blackouts, you could easily envisage looting and violence. Or what about, as Elad Sharf suggests, “if a hospital was hacked and its patient records destroyed?” Worse yet, “this type of attack cannot be 100% prevented: a zero-day worm can take control of any computer on the network, and the impact is exponential”.