If you were in charge of some critical infrastructure (such as a power plant or manufacturing facility) and there was some malware which exploited a zero-day vulnerability in Windows which targeted your systems you might be pretty concerned, right?
In fact, if the malware (which we’ll call Stuxnet) was programmed to know the default password used by the SCADA (Supervisory Control And Data Acquisition) systems which manage your critical operations you might want to seriously consider changing those default passwords, right? As a sensible precaution, yes?
Well, unfortunately, life is not that simple.
Although Siemens SCADA systems are being targeted by the Stuxnet malware (which, you will remember, exploits a zero-day Microsoft vulnerability in the way that Windows handles .LNK shortcuts, allowing malicious code to run when icons are displayed), the company is telling customers…
Read more in my article on the Naked Security website.
Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.