Water utility networks and control systems were recently targeted by hackers in Europe, highlighting the growing cybersecurity threat to infrastructure. The attack was of particular interest because the culprit was somewhat unusual—cryptocurrency mining software.
As eWEEK recently reported, “Security firm Radiflow discovered that cryptocurrency mining malware was found in the network of a water utility provider in Europe. The attack is the first public discovery of an unauthorized cryptocurrency miner impacting industrial control systems (ICS) or SCADA (supervisory control and data acquisition) servers.”
Ilan Barda, CEO of Radiflow, was quoted as saying “This is the first instance of such a cryptocurrency miner that we have seen in an industrial site.” The offending software had gone unnoticed on the water utility network for three weeks.
eWEEK’s report continued, “At this point, Radiflow’s investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory … is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system.
“The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Barda noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems.”
In the United States, authorities are already warning of active attacks targeting infrastructure sectors and are urging water utilities in particular to be more vigilant about the potential for cyberattacks. Citing federal aides, Bloomberg BNA reported that “[t]his will become a greater issue in the future, as more water systems try to cut costs by moving toward full automation.”
There are tools available to utilities from the National Institute of Standards and Technology (NIST) to help them assess their cybersecurity risks.