The initial focus on Stuxnet was the Windows 0days and the impact on PCs. Slowly, people started to focus on the impact on the PLCs and the process. But I hadn't heard much about Stuxnet as a new approach to vulnerability exploit platforms until the Pauldotcom interview with Dave Aitel on Episode 224 Part 1. [Listen at 19:24 for about 3 minutes]
Dave Aitel is a founder of Immunity, famous for the Daily Dave, and past S4 keynoter. In that section of the podcast he bemoans the persistent connection approach of all vulnerability exploit platforms including Metasploit, CORE and even his own Canvas.
“Constant connectivity to all your trojans … scales very badly and is not the right way to do this. … The next generation will look a lot more like Stuxnet and a lot less like Canvas”
Dave goes on to explain that the current approach of a persistent connection and a static knowledge base of everything that is going on is flawed, and that what is needed is an autonomous worm with asynchronous encrypted messages. That section ends with a discussion of whether a product like that will ever be commercially viable, since the market is really for scanners. An interesting little three minutes.
Even if we never see a commercial product take the Stuxnet platform approach, we are likely to see specific attacks, and attackers, learn this from Stuxnet as well.