European water utility attacked by cryptocurrency mining malware


Unauthorised cryptocurrency mining malware, a form of attack also known as cryptojacking, has hit the industrial control systems of a European water utility.

The attack, which was discovered by security firm Radiflow, is the first public discovery of an unauthorised cryptocurrency miner impacting industrial control systems (ICS) or SCADA (supervisory control and data acquisition) servers.

In a cryptojacking attack, mission-critical infrastructure is targeted and cryptocurrency mining code is deployed without authorisation on a system or a network. The mining code uses the victim's computing resources to validate transactions, for which the attacker is rewarded in currency (coins).

“We found malware on the utility’s server that was mining Monero cryptocurrency,” said Yehonatan Kfir, CTO at Radiflow.

Radiflow detected the mining software with its iSID industrial intrusion detection system while monitoring the utility’s network.

The malware was likely downloaded from an advertising site. An operator at the utility enabled the code download by clicking on the advert.

The utility’s Human Machine Interface was the first system to become infected. It was running the Microsoft Windows XP operating system.

The investigation is in its early stages; however, it has been determined that the cryptocurrency mining software was on the water utility’s network for approximately three weeks before it was detected.

Kfir noted that Radiflow does not currently know how much cryptocurrency was mined by the water utility infection.

The name of the utility is yet to be revealed, as investigations are ongoing.

Reports of attacks are on the rise, as hackers infiltrate unsecured servers and infect users’ machines with currency mining code.

