posted by martyb on Sunday February 11 2018, @10:06PM
from the windows-tco dept.

Cryptocurrency-mining Windows malware has been found for the first time on a network of industrial control systems (ICS) at an operational treatment plant for a water utility. Radiflow, a security provider for critical infrastructure, made the discovery recently. Initial investigations suggest that the malware arrived via malicious advertising viewed in a web browser on a machine responsible for the ICS's Human Machine Interface (HMI). So really this story is about three problems.

Source:
In a first, cryptocurrency miner found on SCADA network
Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack


  • (Score: 0, Insightful) by Anonymous Coward on Sunday February 11 2018, @10:15PM (4 children)

    by Anonymous Coward on Sunday February 11 2018, @10:15PM (#636461)

    Pay a Basic Income from the revenue generated by all that water mining, and folk won't need to resort to hijacking the control systems with malware.

    • (Score: 5, Insightful) by requerdanos on Sunday February 11 2018, @10:33PM (3 children)

      by requerdanos (5997) Subscriber Badge on Sunday February 11 2018, @10:33PM (#636465) Journal

      Pay a Basic Income from the revenue generated by all that water mining, and folk won't need to resort to hijacking the control systems with malware.

      That would work if the desire to malware-cryptocurrency-mine was a case of "need", but doesn't work in the case of "greed."

      Cryptocurrency mining on someone else's equipment is a little like funneling money out of their bank account to buy lottery tickets.

      They lose whether you win or not.

      • (Score: 0) by Anonymous Coward on Sunday February 11 2018, @11:09PM (1 child)

        by Anonymous Coward on Sunday February 11 2018, @11:09PM (#636478)

        And how often do you hang out with losers who spend all their money on cerveza and lottery tickets because they live very shitty lives and throwing rocks at your car is their only way to punish you for your success?

        • (Score: 2) by requerdanos on Monday February 12 2018, @12:03AM

          by requerdanos (5997) Subscriber Badge on Monday February 12 2018, @12:03AM (#636496) Journal

          And how often do you hang out with losers who spend all their money on cerveza and lottery tickets

          Probably a lot more often than you had suspected.

          Nothing wrong with spending time with such friends, you just have to remember not to give them things like valuable home theater or computer equipment (nothing that the pawn shop will pay them for=poof, gone). Even though I have a (small) savings account and a few (meager) investments, some of my best friends come from the cultural group that spends every dime but somehow never runs out of lottery/beer/cigs/whatever they like. That's okay with me.

          If they throw rocks at my car, I have a standing policy that I will take offense if they can identify which dent, mark, or scratch is the one that they made personally.

  • (Score: 5, Insightful) by Anonymous Coward on Sunday February 11 2018, @11:13PM (6 children)

    by Anonymous Coward on Sunday February 11 2018, @11:13PM (#636482)

    Problem 1: Microsoft Windows-Based Industrial Control Systems

    Problem 2: employees allowed to play on critical systems

    Problem 3: "critical systems" being, among others, an HMI computer running Windows

    Problem 4: with access to the internet

    Problem 5: with a web browser

    Problem 6: without an ad blocker

    Problem 7: without antivirus (although with current attacks even a mediocre ad blocker will be far more effective than the best antivirus.)

    The stupid, it burns.

    • (Score: 3, Funny) by Gaaark on Sunday February 11 2018, @11:22PM (2 children)

      by Gaaark (41) on Sunday February 11 2018, @11:22PM (#636484) Journal

      Problem 1: let the sieve carry your water.

      --
      --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---

    • (Score: 0) by Anonymous Coward on Monday February 12 2018, @04:41AM (2 children)

      by Anonymous Coward on Monday February 12 2018, @04:41AM (#636573)

      Problem 1: Microsoft Windows-Based Industrial Control Systems

      Not just Windows - Windows XP.

      • (Score: 2) by Runaway1956 on Monday February 12 2018, @06:17AM

        by Runaway1956 (2926) Subscriber Badge on Monday February 12 2018, @06:17AM (#636586) Journal

        The exact OS is relatively unimportant. You could have relatively "critical" machinery running on *DOS3.1, so long as it does not:

        Problem 2: employees allowed to play on critical systems

        Problem 4: with access to the internet

        Problem 5: with a web browser

        Problem 6: without an ad blocker

        Problem 7: without antivirus (although with current attacks even a mediocre ad blocker will be far more effective than the best antivirus.)

        Around the time that XP was at SP2, I found a computer in a Coca Cola bottling plant, in Dallas, running software on Windows 3.11. No internet, no gaming, no browser, just Windows, and a handful of applications, some of them designed in house, others heavily customized for in house use. I have no idea what they've done with that computer since then - they may have virtualized the damned thing, and they're still using the same software for the same purposes.

      • (Score: 2) by shortscreen on Monday February 12 2018, @10:33AM

        by shortscreen (2252) on Monday February 12 2018, @10:33AM (#636624) Journal

        If they were XP systems, I gotta wonder if the hardware was even useful for mining. How many old single-core Celerons does it take to equal one modern GPU?

  • (Score: 5, Insightful) by Grishnakh on Sunday February 11 2018, @11:33PM (12 children)

    by Grishnakh (2831) on Sunday February 11 2018, @11:33PM (#636490)

    What kind of idiot runs critical systems on Microsoft Windows? The stupidity here, on the part of not only managers and executives but also many engineers, is really astounding. Would you run a nuclear power plant or an aircraft avionics system on Windows? Of course not. So why would you run anything else on it?

    • (Score: 5, Informative) by Whoever on Sunday February 11 2018, @11:47PM

      by Whoever (4524) on Sunday February 11 2018, @11:47PM (#636492) Journal

      Would you run a nuclear power plant or an aircraft avionics system on Windows?

      All nuclear power plants in Japan were running Windows in 2015. Not just Windows, but Windows XP. [extremetech.com]

    • (Score: 4, Informative) by arslan on Monday February 12 2018, @12:33AM

      by arslan (3462) on Monday February 12 2018, @12:33AM (#636511)

      This kind of idiocy is not uncommon... the Brits run their warships on Win XP [telegraph.co.uk]

    • (Score: 2, Informative) by Anonymous Coward on Monday February 12 2018, @02:42AM

      by Anonymous Coward on Monday February 12 2018, @02:42AM (#636539)

      Yup. Clearly, somebody didn't read the EULA before clicking Accept.

      Doing mission-critical stuff on a toy OS is just nuts.
      The document that permits you to use their stuff says as much.

      -- OriginalOwner_ [soylentnews.org]

    • (Score: 5, Informative) by requerdanos on Monday February 12 2018, @02:47AM (4 children)

      by requerdanos (5997) Subscriber Badge on Monday February 12 2018, @02:47AM (#636542) Journal

      What kind of idiot runs critical systems on Microsoft Windows?

      Banks [extremetech.com] for their ATMs, Electric Utilities [openviewpartners.com] for their SCADA systems, Governments [microsoft.com] for their nuclear submarines, Medical Equipment Manufacturers [grahamcluley.com] for medical devices for pregnant women (link has pics).

      The stupidity here,

      is practically incomprehensible.

      • (Score: 0) by Anonymous Coward on Monday February 12 2018, @03:42AM (2 children)

        by Anonymous Coward on Monday February 12 2018, @03:42AM (#636563)

        Oscilloscope manufacturer [google.com]

        (Tektronix 'scopes started running Linux last century.)

        -- OriginalOwner_ [soylentnews.org]

        • (Score: 2) by Grishnakh on Monday February 12 2018, @03:25PM (1 child)

          by Grishnakh (2831) on Monday February 12 2018, @03:25PM (#636708)

          While I'm obviously no fan of running Windows on anything at all, and certainly not embedded devices, to be fair, an oscilloscope really isn't a "critical service", the way a nuclear power plant is.

          • (Score: 0) by Anonymous Coward on Monday February 12 2018, @09:16PM

            by Anonymous Coward on Monday February 12 2018, @09:16PM (#636832)

            Now, have it as part of a system doing certifications of other systems.
            Now, connect it to a network that is part of a data acquisition setup.

            Things can quickly snowball--particularly with an OS that requires that band-aids be pasted all over it for "security".

            -- OriginalOwner_ [soylentnews.org]

      • (Score: 2) by Gaaark on Tuesday February 13 2018, @09:42PM

        by Gaaark (41) on Tuesday February 13 2018, @09:42PM (#637275) Journal

        Yeah, I love the price checkers in stores running Windows that are constantly down so you can't check prices, lol, but running things like nukular submarinies???

        The stupid in people boggles...

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---

    • (Score: 0) by Anonymous Coward on Monday February 12 2018, @04:38AM

      by Anonymous Coward on Monday February 12 2018, @04:38AM (#636571)

      You do, if the government certified vendor of your reactor cooling pump gives you a windoze control box.

    • (Score: 1, Insightful) by Anonymous Coward on Monday February 12 2018, @07:08AM (1 child)

      by Anonymous Coward on Monday February 12 2018, @07:08AM (#636589)

      Better than running on Linux where the hardware ABI breaks regularly and that's intentional.

      With stuff like Windows XP it's a good bet that your hardware will still work as badly in 2018 as it did in 2008.

      All bets are off for Windows 10 - the updates seem to bork it regularly.

      If you say "don't update your Linux kernel" then you have about the same problem as not updating Windows.

      Good luck getting OSS drivers for all the hardware you need to run your nuclear power station AND successfully recompiling them AND getting them to work every time the Linux developers break compatibility.

      Microsoft used to have a serious commitment to backward compatibility and it mostly worked. Yes the same malware will work for 15 years, but so will the same hardware in most cases with no need for extra human intervention.

      • (Score: 2) by requerdanos on Monday February 12 2018, @04:16PM

        by requerdanos (5997) Subscriber Badge on Monday February 12 2018, @04:16PM (#636722) Journal

        If you say "don't update your Linux kernel" then you have about the same problem as not updating Windows.

        Instead of "not updating" a particular kernel version, which is not a solution, people who want to stay with a particular kernel version update that version, folding security changes from newer versions into that one.

        I have at least one host with a 2.6-series kernel released earlier this year. That's an extreme example, but LTS kernels are not kernels that are "not updated", they're kernels that receive the updates, but don't break ABI.

        Good luck getting OSS drivers for all the hardware you need to run your nuclear power station AND successfully recompiling them

        The safety practices in nuclear power plants are extreme, and are made out of money; such drivers would be no exception.

        AND getting them to work every time the Linux developers break compatibility.

        Again, this is only a problem if you are not on an LTS kernel. If a group of Debian volunteers can maintain an LTS kernel, then I would submit that "AC's Nuclear Safety Feature Conglomerate, Inc." should be able to do the same (if nothing else, said corp. could just hire Debian developers, who would work a lot cheaper than nuclear engineers...).

    • (Score: 0) by Anonymous Coward on Monday February 12 2018, @11:26AM

      by Anonymous Coward on Monday February 12 2018, @11:26AM (#636634)

      Some systems actually have a real-time kernel that the Windows kernel runs on top of. Crashing Windows won't crash the RT kernel. The time slot for the Windows kernel is given by the RT kernel, and that guarantees RT execution. Not that I see much benefit in having Windows running there at all. HMIs are different; they are never RT anyway.

  • (Score: 4, Informative) by The Mighty Buzzard on Monday February 12 2018, @01:43AM (3 children)

    by The Mighty Buzzard (18) Subscriber Badge <themightybuzzard@proton.me> on Monday February 12 2018, @01:43AM (#636524) Homepage Journal

    The term "compromised" is wholly redundant when talking about a Windows system.

    --
    My rights don't end where your fear begins.

    • (Score: 0, Offtopic) by aristarchus on Monday February 12 2018, @07:18AM (2 children)

      by aristarchus (2645) on Monday February 12 2018, @07:18AM (#636594) Journal

      Nice to see that the Mightery Bussard is also free, as in not just 50% free, or 90% free, or even 99% free, but full on Free Software Foundation Free. We all praise the TMB.
