The Stuxnet and Aurora attacks have shown us that malware development has become a professional job. These threats targeting the process industry were written by highly intelligent developers, financed by huge investors, and possibly even by governments.

Yet every time a new attack is discovered, experts are left wondering how the malware was developed so quickly. And while the experts are scratching their heads about the attack du jour, the cyber criminals are already working on a new, even stealthier attack. What’s even more troubling, the criminals are getting increasingly ambitious, raising the stakes even higher. In the old days, they were satisfied stealing money from bank accounts, but now the ultimate goal is stealing data and propriety corporate information. We’re not far from a world in which the criminals are trying to gain total control of industrial processes to impose destruction or possibly harm the health of the population.

Attacks on the rise

In early 2010, the networks of several Fortune 100 companies, including Google China, were hacked by what was later called the Aurora attacks. More than 30 large companies fell victim to the attack, even though they were running their networks with security and intrusion prevention software. This illustrates just how sophisticated the attack was.


Aurora was able to penetrate these networks through an unpatched security leak in Internet Explorer (or so-called zero day leak) that – up until then – had not been discovered. Of course, by the time the malware was finally detected, the targeted corporate information was already stolen. At the time, security experts described Aurora as ‘the most sophisticated malware ever’ – although it turned out to be more of an inconvenience than an attack with devastating consequences.

But it wasn’t long before Aurora was supplanted by Stuxnet in late 2010. The Stuxnet developers far exceeded Aurora in one key aspect. Unlike its predecessor, Stuxnet did not rely on one zero day leak, it used no less than four. This malware wasn’t meant to attack many individual computers – it was meant for a networked group of them. To do this, however, the malware needed to make physical contact with the devices through USB sticks, scanners, or shared printers. Despite this limitation, Stuxnet succeeded in infecting dozens of industrial enterprises all over the world. There are indications the main target was nuclear reactors in Iran. Considering this, even though the malware was detected in the nick of time, its potential for destruction could have been devastating.