Attackers Drain CPU Power From Water Utility Plant In Cryptojacking Attack

darthcamaro writes: Apparently YouTube isn't the only site that is draining CPU power with unauthorized cryptocurrency miners. A water utility provider in Europe is literally being drained of its CPU power via an cryptojacking attack that was undetected for three weeks. eWeek reports: "At this point, Radiflow's (the security firm that discovered the cryptocurrency mining malware) investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Radiflow CTO Yehonatan Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led the mining code being installed on the system. The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Radiflow's CEO, Ilan Barda, noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems." Radiflow doesn't know how much Monero (XMR) cryptocurrency was mined by the malware, but a recent report from Cisco's Talos research group revealed that some of the top un-authorized cryptocurrency campaigns generate over a million dollars per year. The average system would generate nearly $200,000 per year.

Not XP

[kackle]

According to the summary, web ads (why aren't those blocked?!) are suspect. Windows XP is mentioned, though, as it's to blame somehow. To me, XP (or any older OS) is the devil you know versus the devil you don't - you can plan for the devil you know. Don't assume XP is automatically worse because we haven't discovered everything about 10, etc. For the technically smug, look at the surprise of Meltdown and Spectre.

As to why they aren't upgrading everything all the time, I work in water too, and like other such "invisible" industries, it is big and more complex than you may think. Since these sites must function, NO MATTER WHAT, screwing around with one that is working fine is discouraged since each new "project" requires much planning, thought, approval and budgeting.

In my younger days, in an instant, I brought down a medium-sized city's water supply just by plugging in a serial cable, the large pumps shutting down next to me. The controlling PLC's serial port powered pin #9 (not commonly done) as did the new radio transceiver that I just plugged in. "Did I do that?!!"

I was fortunate in that shutting pumps off ungracefully can cause severe "water hammer" on the main pipes underground - broken pipes sometimes result. ...From plugging in a serial cable. Desktop jockies don't understand such things.