Stuxnet Worm: Prime Example of What Can Happen
The Stuxnet worm, which appeared in July 2010, was a prime example, "wreaking
havoc on the Iranian nuclear facilities," Crosby
Stuxnet exploited four zero-day vulnerabilities in Windows and a vulnerability in Windows' Print Spooler service to do its dirty work. Early versions of the virus abused Windows' AutoRun feature in an effort to infect industrial control systems, Symantec revealed in September.
"The interesting departure [this year] is that we have started to see nation-states play an active role in these attacks," Crosby said. "That is more threatening than the traditional bad guys who spam you with email or blackmail the gambling sites to say, 'Your site's going to be down until you pay me some money.' "
Crosby said that all these concerns point to the cloud as the best place to maintain a "survivable" application.
"Here's a good example: Visa was nailed by the anonymous crew on WikiLeaks. But Amazon didn't even blink when Anonymous pointed 10 gigabits of traffic at it. Amazon has this massive cloud that's redundant, has multiple availability zones spread around geographical regions, and so on. So if you want to make your application survive a big attack, the place to run it is called the cloud."
This is probably counter to what most people think in response to these attacks, Crosby said.
"Most people are going to want to close all the boundaries, run a private cloud, and get my head down in my bunker and hope that I'm secure," he said. "But in that situation, you are more vulnerable than if you are automated. People are running around your infrastructure with USB sticks and everything else. That's how WikiLeaks happened."
When nation-states start pouring defense budget-sized amounts of money into cyber war, then we will see "very interesting attacks," Crosby said. It has been estimated that it cost somebody "on the order of $10 million" to build Stuxnet, for example, Crosby said.
"We don't know where it [Stuxnet] came from, but it's pretty clear that it was organized by a nation-state because of the sophistication of the attack," Crosby said. "Most attacks use a single vulnerability; Stuxnet used four--four that were previously unknown to anyone, including Microsoft. So that basically suggests that somebody had the Windows source code and used it [for that attack]."
Access to source code a major problem
Many governments have access to this source code, he said. Stuxnet also targeted very specific enterprise devices, Crosby said, and was not aimed at the average consumer.
"It was clearly targeted for political reasons, it cost a lot of money to do, and it was very robust," Crosby said. "It still has not been cleared; it's out there causing havoc."
This trend is going to make IT managers sit up and take notice, he said.
"You may say, well, I have good people and procedures in place, but the more people you have involved, the more vulnerable you are--either through mistakes or deliberate sabotage," Crosby said.
"That basically says you need to get on the cloud."
Bradley Manning, the U.S. military IT assistant implicated in the WikiLeaks controversy, used a USB stick on a PC to access most of the information that ended up being published on the site.
"Now, if that organization had been using desktop virtualization, that would never have been allowed to happen. Every single device on every client is policy controlled for access, and you can shut these off. Any properly automated cloud would have prevented WikiLeaks from happening," Crosby said.
Prior to founding XenSource, Crosby was the founder of CPlane Inc., a network-optimization software vendor, where he held a variety of executive roles. Before CPlane, Simon was a tenured faculty member at the University of Cambridge, UK, where he led research on network performance and control, and multimedia operating systems.
He is author of more than 35 research papers and has patents on a number of data center and networking topics, including security, network and server virtualization, resource optimization and performance. In 2007, Simon was named one of InfoWorld's Top 25 CTOs.