The cryptocurrency world is full of innovations and wonderful surprises, as well as risks. Radiflow, a leading provider of cyber security solutions for critical infrastructure networks (i.e. SCADA), today reported that the company has uncovered the first documented cryptocurrency malware attack on SCADA. The attack affected several servers in the network of a water company, which were used to mine the Monero cryptocurrency. First, let’s take a look at what exactly SCADA is.
What is SCADA?
Supervisory control and data acquisition (SCADA) is a system of software and hardware components that enables industrial organizations to gather data in real time from remote locations in order to control equipment. SCADA is used in power plants as well as in oil and gas refining, telecommunications, transportation, and water and waste control.
Radiflow found that cryptocurrency mining malware was present in the network of a water utility provider in Europe. The attack is the first discovery of cryptocurrency malware impacting SCADA (supervisory control and data acquisition) servers. This type of attack is known as cryptojacking.
What is Cryptojacking?
In a cryptojacking attack, cryptocurrency mining code is placed on a system or network without approval. Mining is the computation carried out by participating systems, as part of a mining pool, to create or find coins. Multiple cryptojacking attacks have been reported recently, including a substantial attack against YouTube, as well as attacks against unsecured SSH and Oracle WebLogic servers, as attackers have sought to profit from the rising value of cryptocurrency. Radiflow’s iSID – Industrial IDS team revealed that this cryptocurrency malware was designed to run in stealth mode on a computer or device and even disable its security tools, so as to operate undetected and maximize its mining processes for as long as possible.
Yehonatan Kfir, CTO at Radiflow, said that “Cryptocurrency malware attacks involve extremely high CPU processing and network bandwidth consumption, which can threaten the stability and availability of the physical processes of a critical infrastructure operator.”
Kfir further explained that “While it is known that ransomware attacks have been launched on OT networks, this new case of a cryptocurrency malware attack on an OT network poses new threats as it runs in stealth mode and can remain undetected over time. PCs in an OT network run sensitive HMI and SCADA applications that cannot get the latest Windows, antivirus and other important updates and will always be vulnerable to malware attacks. The best way to address this risk is using an intrusion detection system that passively monitors the communication in the OT network and detects anomalies in real-time caused by such malware.”