News broke yesterday that industrial control systems and SCADA servers have become the target of an unauthorized cryptocurrency mining attack for the first time. Security firm Radiflow discovered cryptocurrency mining malware in the network of a water utility provider in Europe. IT security experts commented below.
Edgard Capdevielle, CEO at Nozomi Networks:
“Cryptojacking attacks’ goal isn’t to steal data or take control of the infrastructure, but to consume compute cycles of the target systems. The direct consequence is system performance degradation, which can be difficult to discern if the operator is not monitoring the affected network. The attack could be the result of an operator at the water utility opening a browser and clicking on an advertising link causing the malware to download to an HMI device (running Windows XP).
“This attack indicates just how long it can take from infection to identification for an ICS operator to manually identify the issue, highlighting how important it is to have high visibility network monitoring to identify any changes in performance or behaviour. By applying artificial intelligence and machine learning for real-time detection and response, organizations can identify operational changes that may indicate the presence of malware or other issues within industrial control systems, which are the heart of power reliability. Such real-time monitoring means utilities can rapidly discover and act to remove malicious code and the risks they pose to these environments before harm is done.”
Gavin Millard, Technical Director at Tenable:
“This latest “cryptojacking” attack was more likely a malware campaign that managed to infect a critical infrastructure than a targeted attack. Systems on ICS networks are generally already overburdened so it wouldn’t be an ideal platform to mine for cryptocoins since the yield would be extremely low. If the report is accurate, what should be more concerning is how a critical infrastructure could be infected by an everyday piece of malware. This indicates a low level of basic cyber hygiene which, if targeted by a malicious attacker, could cause far bigger issues than a few coins being mined.”