First SCADA cryptominer seen in the wild

News by Robert Abel

The first documented cryptominer attack on a SCADA network of a critical infrastructure operator was seen in the wild.

Radiflow researchers spotted the malware attacking the OT network of a water utility company in order to mine the Monero cryptocurrency, according to an 8 February press release.

The malware was designed to run in stealth mode on the network's devices and even to disable the devices' security tools, so that it could operate undetected and maximise its mining for as long as possible.

“While it is known that ransomware attacks have been launched on OT networks, this new case of a cryptocurrency malware attack on an OT network poses new threats as it runs in stealth mode and can remain undetected over time,” Radiflow chief technology officer (CTO) Yehonatan Kfir said in the release.

The malware was discovered after researchers detected several abnormalities, including unexpected HTTP communications, changes to the topology of the customer's OT network, and communication attempts with suspicious IP addresses.
