Critical Infrastructure Security, Threat Management, Malware

First SCADA cryptominer seen in the wild

The first documented cryptominer attack on a SCADA network of a critical infrastructure operator was seen in the wild.

Radiflow researchers spotted the malware attacking the OT network of a water utility company in order to mine the Monero cryptocurrency, according to a Feb. 8 press release.

The malware was designed to run in a stealth mode on the networks' devices and even disable the device's security tools to operate undetected and maximize its mining processes for as long as possible.  

“While it is known that ransomware attacks have been launched on OT networks, this new case of a cryptocurrency malware attack on an OT network poses new threats as it runs in stealth mode and can remain undetected over time,” Radiflow Chief Technology Officer (CTO) Yehonatan Kfir said in the release.

The malware was discovered after researchers detected several abnormalities, including unexpected HTTP communications and changes to the topology of the customer's OT network and communication attempts with suspicious IP addresses.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.