The “Stuxnet” Virus of 2010 As an Example of A “APT” and Its “Recent” Variances

Sumayah Al-Rabiaah
Published in: 2018 21st Saudi Computer Society National Computer Conference (NCC)
Publication date: 2018-04-25
DOI: 10.1109/NCG.2018.8593143 (https://doi.org/10.1109/NCG.2018.8593143)
Citations: 17

Abstract

Due to the evolution of technology, a new class of sophisticated threats, called advanced persistent threats (APTs), has arisen and become a pressing problem, especially for the industrial security sector. APTs have ignited a fire of information warfare in which they form high-risk cyber-attacks against very critical and secured infrastructures. They target specific companies and governments. The most significant feature of APTs is their ability to bypass high-profile security systems and steal or tamper with information in order to cause negative impacts on physical objects. The Stuxnet virus is an example of an APT that has a specific target and the ability to destroy its physical infrastructure. It did not need the Internet to spread. It was revealed in 2010 and targeted Iran’s nuclear program by exploiting four zero-day vulnerabilities in the Windows operating system. In recent years, a number of different APTs have emerged, which has increased researchers’ attention to analyzing them in order to find solutions to protect against existing and future APTs. In this paper, we examine the majority of existing reports and research papers on Stuxnet and APTs to give an overview of the characteristics, features, and operations of each of them. We cover Duqu, Flame, Shamoon and Triton as recent variants of Stuxnet. In addition, we highlight the differences and similarities between Stuxnet and these APTs to help in predicting future attacks and to encourage researchers to find solutions to protect against them.