From Ralph this morning: (bolding by your humble editor)
Press release – for immediate releaseLangner Communications sees increased threat level as Stuxnet analysis progresses.
Ralph Langner, who successfully analyzed that Stuxnet is a directed attack against industrial control systems sees an increased threat level as the analysis of Stuxnet progresses. Langner points out that not only security researchers will analyse Stuxnet but also the underground.
The analysis that Langner has conducted shows that it is not technically difficult to inject rogue ladder logic into PLC programs.
It is important to understand that this vulnerability cannot be considered a bug, either technically or legally, so it should not be expected that vendors would be able to release a “patch”. Langner expects that exploit code for this vulnerability within several months in the known frameworks such as Metasploit.
While Langner does not assume to see an attack as sophisticated as Stuxnet soon, he points out that the Stuxnet story will raise a lot of attention in the hacker community where people may now start to try using the attack vector for much less trivial motivations than we must assume for the Stuxnet writers. Langner suggests equipment vendors, asset owners and integrators start developing strategies to cope with this scenario quickly.Langner Communications GmbHFossredder 12, D-22359 Hamburg, Germanyhttp://www.langner.com/en~~~ 1988-2008: 20 Years Langner Communications ~~~
