Cryptojacking Attack Hits Water Utility in Europe

DooKey

Cryptojacking attacks are becoming more and more common these days and now it appears a utility company is the first victim of attacks against critical infrastructure. Security company Radiflow discovered the malware recently and found that it had been running on the network for 3 weeks totally unknown to the utility. I guess cryptojacking apparently knows no bounds when it comes to critical systems versus non-critical systems and companies are going to have to be more vigilant against this kind of hijack. I believe critical infrastructure should be more isolated than this and a user shouldn't be able to open a browser and websurf on important systems. Hopefully this will be remedied by this particular utility.

At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system.
 
You got Cryptojacked sucka!

 
I'm surprised. But not really surprised that critical systems are attached to the internet.
 
This whole thing is going to explode into cryptocurrency regulation. And, good. They do not contribute anything to our economy except sucking the wind out of our energy and video cards. (I know I'll get flamed.)
 
Too many agencies and companies rushed to put things on the net to make it more convenient to manage and to save money (or so they hoped). But they had little knowledge of, or regard for, the security issues involved. I've personally seen this happen, and no amount of alarm-raising had any effect at all, except to nearly get me fired.
 

That's the thing about Security and IT in general: People spend the least amount of time and money they can because it doesn't directly make them money. It's not until something happens, when people are constantly amazed that it's been breached.
 

Often managers in charge of large IT networks know little about actual IT. Sure, their job is to manage, but you would think an overall understanding of the basics would be required... seemingly not. It's why so many IT engineers grow a thick skin of apathy after a few years in the field.
 
I say great. Hijacking systems for crypto mining puts the spotlight on security. It's a much better scenario than, let's say, malicious actors who are out to harm/destroy the systems.
Hopefully instead of just passing the blame onto the hijackers, they put the blame on the utility companies which don't secure their own systems. Later on down the line if they really do harden the systems, if someone tried to maliciously affect the utility they won't be able to (or at least it'll be a lot harder for them to).
 
I have always said the world needed a common enemy to fight before it would come together. Always thought it would be an alien invasion... but turns out, it just might be the cryptocrazies who are going to pull it off!


One needs to look no further than the company HR department as the start of the problems. Most (if not all) HR departments are severely lacking in the skills needed to qualify IT personnel. They mostly assume that if someone paid to get some letters added to their name, they must know what they are talking about.

Then the other side of the coin would be the IT departments themselves. The ones where they are doing everything they can to keep the users clueless about what they do (empire builders). I have interviewed at a couple of those. They are proud that upper management has no idea what they are doing.

My two coppers worth...
 
IT spending is considered a luxury, until something goes wrong, and then they go "Why the hell didn't you say something?"
 
The next real cause of global warming. Mining cryptocurrencies. Which then sends us into an ice age that we have to cryptomine our way out of.
 
IF it was attached to a critical system or critical data (customer billing)

FIRE:
IT Manager
Plant Supervisor
Employee who surfed there.

(Provided it wasn't an NSA exploit toolkit that was released (i.e. SMBv1 exploit).) I would still fire the IT manager for not keeping his systems up to date and isolated. (Air gapped.)
 

You aren't joking. At my company we had one CTO say, "Everything IBM, Lotus Notes etc." Then 3 years later, "Everything Microsoft." Then 2 years later, "Everything on the entire company needs to run on Oracle business systems." Then 1 year later, "Everything back to what it was: Microsoft/SAP/Oracle." This year it's "We merged our mega companies, so we are switching over all the systems again and to get them to work together at the IT level, we're investing it all in infrastructure, and all programming staff is being cut back and there are no education funds for next gen stuff."

The joys of shifting CTO/CIOs.
 
It is fine if the managers are just managers, as long as they hire IT staff that they trust and can depend on to handle the IT workload, and actually let them do their job. Too often the manager knows nothing of the systems he/she is in charge of and then dictates (micromanages) to the actual IT staff what to do and how to do it. Even worse is when you have executives/board members meddling in the IT projects and operations. That is what is known as a cluster F@#k.
 
yanno, having seen my fair share of computerized infrastructure terminals, I wouldn't think they would have the necessary hardware to really do much of anything with mining cryptocurrency.
 

Ugh.

I have nightmares from my past jobs. I can recall my mind going blank, staring into space trying not to show what I was thinking to the boss's boss: "You're a special kind of stupid." or "That's not how this works. That's not how any of this works."
 

They'll mine off a lightbulb if it can be done for free as an easily scripted attack. Quantity over quality.

I'd not be surprised to find it on library computers, to be honest.
 