News broke yesterday that industrial control systems and SCADA servers have become a target for unauthorized cryptocurrency mining attack for the first time. Security firm Radiflow, discovered that cryptocurrency mining malware was found in the network of a water utility provider in Europe.
Following this news, Edgard Capdevielle, CEO of Nozomi Networks said:
“Cryptojacking attacks’ goal isn’t to steal data or take control of the infrastructure, but to consume compute cycles of the target systems. The direct consequence is system performance degradation, which can be difficult to discern if the operator is not monitoring the affected network. The attack could be the result of an operator at the water utility opening a browser and clicking on an advertising link causing the malware to download to a HMI device (running Windows XP).
“This attack indicates just how long in can take from infection to identification for an ICS operator to manually identify the issue, highlighting how important it is to have high visibility network monitoring to identify any changes in performance or behaviour. By applying artificial intelligence and machine learning for real-time detection and response, organizations can identify operational changes that may indicate the presence of malware or other issues within industrial control systems, which are the heart of power reliability. Such real-time monitoring means utilities can rapidly discover and act to remove malicious code and the risks they pose to these environments before harm is done.”