In 2010, a new kind of computer worm was discovered. At the time, it took advantage of a then-unknown flaw in the Windows shell present in every supported version of Windows. This included Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7.

The flaw allowed local users or remote attackers to execute arbitrary code via a crafted .LNK or .PIF shortcut file. While shortcuts help users easily access information, they are often accessed as files within a LNK extension. They also present themselves as PIF files when attached to MS-DOS programs.

The first known malware using this attack method was Stuxnet, which leveraged CVE-2010-2772 in Siemens WinCC SCADA systems, a kind of controller used in uranium spin systems. But what does this have to do with today?

A Life Beyond the Patch

Though a vulnerability like this may get patched by the manufacturer, that doesn’t mean that the patch actually got installed on all affected machines. Kaspersky Lab found that in 2015 and 2016, Stuxnet was used to target about a quarter of Kaspersky users who had encountered an exploit. It’s still very much in the active column.

The firm addressed this longevity in its research, noting that it may be “due to the fact that malware that uses these exploits have a self-replicating feature, constantly recreating themselves in the attacked network where vulnerable computers are installed.” The clear message of the report is that an exploit’s life cycle doesn’t necessarily end with the release of a security patch, as Kaspersky noted on its blog, SecureList.

Researchers explained that approximately two-thirds of the vulnerabilities tracked were used by more than one threat actor. In other words, one threat actor picks up techniques from another. Kaspersky found that an exploit technique can be grabbed and repurposed by big attackers within hours.

Addressing the Continuing Computer Worm

Ultimately, the older the operating system, the more vulnerable it is. CSO Online observed that an older operating system such as Windows Server 2003 will “remain vulnerable indefinitely to some of the risks because Microsoft no longer supports the software.”

The obvious mitigation lesson from Stuxnet, among others, is to make sure all machines in a network are patched. The use of patch management solutions that allowed centralized software updates on all endpoints may improve vulnerability management and help industrial IT managers get their systems under control.

More from

Increasingly Sophisticated Cyberattacks Target Healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

4 min read

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

2 min read - Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures would become 2023’s ransomware crisis. Compounding the problem is the industrialization of the cybercrime ecosystem, enabling adversaries to complete more attacks, faster. Over the last…

2 min read

Machine Learning Applications in the Cybersecurity Space

3 min read - Machine learning is one of the hottest areas in data science. This subset of artificial intelligence allows a system to learn from data and make accurate predictions, identify anomalies or make recommendations using different techniques. Machine learning techniques extract information from vast amounts of data and transform it into valuable business knowledge. While most industries use these techniques, they are especially prominent in the finance, marketing, healthcare, retail and cybersecurity sectors. Machine learning can also address new cyber threats. There…

3 min read

HHS Releases Hospital Cyber Resiliency Landscape Analysis

4 min read - On April 17, 2023, The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of its Hospital Cyber Resiliency Initiative Landscape Analysis. This landmark analysis reports on domestic hospitals’ current state of cybersecurity preparedness. The scope of the HHS study was limited to activities that protect access to patient care and safety and reduce the negative impact of cyber threats on clinical operations. Breaches of sensitive data were considered only if the breach had a direct…

4 min read