STE WILLIAMS

Now that’s taking the p… Sewage plant ‘hacked’ to craft crypto-coins

Infosec bods say they have uncovered what’s thought to be the first case of a major industrial control system network infected with cryptocurrency-mining malware.

SCADA security outfit Radiflow claimed today it found the software nasty lurking in computer systems at a water treatment facility. Several servers used to monitor and regulate critical water supplies were found to have been infected with code that quietly harvested Monero cyber-dosh and sent the coins over the internet to its masterminds, we’re told.

The malicious software was, we’re told, chewing up processor time, noisily shifting data over the network, and exploiting the fact that industrial networks tend not to be running the latest security patches – typically because they oversee critical processes that cannot be interrupted or knocked out by bad updates.

“Cryptocurrency malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a critical infrastructure operator,” said Yehonatan Kfir, chief tech officer at Radiflow.

“PCs in an OT [operational technology] network run sensitive HMI [human-machine interface] and SCADA [supervisory control and data acquisition] applications that cannot get the latest Windows, antivirus and other important updates and will always be vulnerable to malware attacks.”


The malware family caught on the water utility’s equipment wasn’t named, and it sounds relatively sophisticated – more than a JavaScript miner running on a webpage on someone’s laptop. It used obfuscation techniques, we’re told, such as shutting down any installed antivirus tools, and was designed to be stealthy to maximize its moneymaking before it could be discovered.

The software nasty was apparently spotted thanks to researchers noticing unusual spikes in unexpected HTTP communications from the infiltrated hardware, and after the computers tried to send data to servers already identified as malware command-and-control machines. The hidden miner has since been removed from the sewage plant’s systems, it is claimed.
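The two signs the researchers describe above, a spike in HTTP traffic from OT hosts and connections to known command-and-control servers, can be turned into a simple check over network flow logs. The script below is an added example, not Radiflow’s tooling: its log format, thresholds, hostnames and addresses are all constructed.

```python
from collections import Counter, defaultdict
from statistics import median

# Constructed "known bad" address for the demo (TEST-NET range, not a real IoC).
KNOWN_C2 = {"203.0.113.45"}
HTTP_PORTS = {80, 8080}

# Constructed flow-log lines in a hypothetical "<hour> <src> <dst> <dst_port>"
# format. 10.10.5.21 plays an HMI making two HTTP flows an hour, then in hour
# 08 bursting to 40 and touching the C2 address; 10.10.5.22 only speaks Modbus.
SAMPLE_FLOWS = []
for _h in range(8):
    SAMPLE_FLOWS += [f"{_h:02d} 10.10.5.21 10.10.5.1 80"] * 2
    SAMPLE_FLOWS += [f"{_h:02d} 10.10.5.22 10.10.5.1 502"]
SAMPLE_FLOWS += ["08 10.10.5.21 198.51.100.7 80"] * 40
SAMPLE_FLOWS += ["08 10.10.5.21 203.0.113.45 80"]

def parse_flows(lines):
    """Turn the constructed lines into (hour, src, dst, port) tuples."""
    flows = []
    for line in lines:
        hour, src, dst, port = line.split()
        flows.append((int(hour), src, dst, int(port)))
    return flows

def find_suspicious(flows, known_c2=KNOWN_C2, spike_factor=5, min_flows=10):
    """Return {src_host: [reasons]} for hosts showing either warning sign.

    A spike is an hour with at least min_flows HTTP flows and more than
    spike_factor times the host's median hourly count (median over hours
    with any HTTP flow, so quiet hours do not drag the baseline to zero).
    """
    hourly = defaultdict(Counter)   # src -> {hour: HTTP flow count}
    c2_hits = defaultdict(set)      # src -> C2 addresses contacted
    for hour, src, dst, port in flows:
        if dst in known_c2:
            c2_hits[src].add(dst)
        if port in HTTP_PORTS:
            hourly[src][hour] += 1
    reasons = defaultdict(list)
    for src, dsts in c2_hits.items():
        reasons[src] += [f"contacted known C2 address {d}" for d in sorted(dsts)]
    for src, counts in hourly.items():
        baseline = median(counts.values())
        for hour, n in sorted(counts.items()):
            if n >= min_flows and n > spike_factor * baseline:
                reasons[src].append(
                    f"hour {hour:02d}: {n} HTTP flows vs median {baseline:g}")
    return dict(reasons)
```

On a real OT network the baseline would be learned over days rather than hours, and any HTTP at all from a host that should only speak industrial protocols is itself worth an alert.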

Currency mining infections are fast becoming the preferred method for online scumbags to make a fast buck. Even ransomware is losing ground to mining infections, thanks in part to people keeping better backups and antivirus tools blocking extortionware.

There’s no word on how the malware got onto the SCADA network in the first place. It was either placed there by a rogue employee, via an open hardware port, or possibly through a network service left open by a careless admin.

We’ve pinged Radiflow, based in New Jersey, USA, for more information – we’ll let you know if they get back to us. ®


Article source: http://go.theregister.com/feed/www.theregister.co.uk/2018/02/08/scada_hackers_cryptocurrencies/
