By Sara Jerome
A water utility network in Europe was recently hit by a cyberattack in an example of a vulnerability that is attracting increasing attention in the water industry.
“Security firm Radiflow discovered that cryptocurrency mining malware was found in the network of a water utility provider in Europe. The attack is the first public discovery of an unauthorized cryptocurrency miner impacting industrial controls systems (ICS) or SCADA (supervisory control and data acquisition) servers,” eWEEK reported this month.
Ilan Barda, CEO of Radiflow, underscored the significance of the attack.
"This is the first instance of such a cryptocurrency miner that we have seen in an industrial site," he said, per eWEEK.
The infiltrating software was on the water utility network for three weeks before it was noticed, according to eWEEK.
“At this point, Radiflow's investigation indicates that the cryptocurrency mining malware was likely downloaded from a malicious advertising site. As such, the theory that Kfir has is that an operator at the water utility was able to open a web browser and clicked on an advertising link that led to the mining code being installed on the system,” the report said.
“The actual system that first got infected is what is known as a Human Machine Interface (HMI) to the SCADA network and it was running the Microsoft Windows XP operating system. Barda noted that many SCADA environments still have Windows XP systems deployed as operators tend to be very slow to update their operating systems,” it continued.
In the U.S., federal officials are working to urge water utilities to pay more attention to the rising threat of cyberattacks.
“This will become a greater issue in the future, as more water systems try to cut costs by moving toward full automation,” Bloomberg BNA reported, citing federal aides.
The National Institute of Standards and Technology makes tools available to utilities to help assess cybersecurity risks.
Image credit: "hacker-1," iaBeta © 2017, Public Domain: https://creativecommons.org/publicdomain/zero/1.0/