Cryptocurrency-mining Windows malware has been found for the first time on a network of industrial control systems (ICS) at an operational treatment plant for a water utility. Radiflow, a security provider for critical infrastructure, made the discovery recently. Initial investigations suggest that the malware arrived via malicious advertising viewed in a web browser on a machine responsible for the ICS's Human Machine Interface (HMI). So really this story is about three problems.
Source :
In a first, cryptocurrency miner found on SCADA network
Water Utility in Europe Hit by Cryptocurrency Malware Mining Attack
(Score: 5, Insightful) by Grishnakh on Sunday February 11 2018, @11:33PM (12 children)
What kind of idiot runs critical systems on Microsoft Windows? The stupidity here, on the part of not only managers and executives but also many engineers, is really astounding. Would you run a nuclear power plant or an aircraft avionics system on Windows? Of course not. So why would you run anything else on it?
(Score: 5, Informative) by Whoever on Sunday February 11 2018, @11:47PM
All nuclear power plants in Japan were running Windows in 2015. Not just Windows, but Windows XP. [extremetech.com]
(Score: 4, Informative) by arslan on Monday February 12 2018, @12:33AM
This kind of idiocy is not uncommon..the Brits run their warships on Win XP [telegraph.co.uk]
(Score: 2, Informative) by Anonymous Coward on Monday February 12 2018, @02:42AM
Yup. Clearly, somebody didn't read the EULA before clicking Accept.
Doing mission-critical stuff on a toy OS is just nuts.
The document that permits you to use their stuff says as much.
-- OriginalOwner_ [soylentnews.org]
(Score: 5, Informative) by requerdanos on Monday February 12 2018, @02:47AM (4 children)
Banks [extremetech.com] for their ATMs, Electric Utilties [openviewpartners.com] for their SCADA systems, Governments [microsoft.com] for their nuclear submarines, Medical Equipment Manufacturers [grahamcluley.com] for medical devices for pregnant women. (link has pics),
in practically incomprehensible.
(Score: 0) by Anonymous Coward on Monday February 12 2018, @03:42AM (2 children)
Oscilloscope manufacturer [google.com]
(Tektronix 'scopes started running Linux last century.)
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Grishnakh on Monday February 12 2018, @03:25PM (1 child)
While I'm obviously no fan of running Windows on anything at all, and certainly not embedded devices, to be fair, an oscilloscope really isn't a "critical service", the way a nuclear power plant is.
(Score: 0) by Anonymous Coward on Monday February 12 2018, @09:16PM
Now, have it as part of a system doing certifications of other systems.
Now, connect it to a network that is part of a data acquisition setup.
Things can quickly snowball--particularly with an OS that requires that band-aids be pasted all over it for "security".
-- OriginalOwner_ [soylentnews.org]
(Score: 2) by Gaaark on Tuesday February 13 2018, @09:42PM
Yeah, I love the price checkers in stores running Windows that are constantly down so you can't check prices, lol, but running things like nukular submarinies???
The stupid in people boggles...
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 0) by Anonymous Coward on Monday February 12 2018, @04:38AM
You do, if the government certified vendor of your reactor cooling pump gives you a windoze control box.
(Score: 1, Insightful) by Anonymous Coward on Monday February 12 2018, @07:08AM (1 child)
With stuff like Windows XP it's a good bet that your hardware will still work as badly in 2018 as it did in 2008.
All bets are off for Windows 10 - the updates seem to bork it regularly.
If you say "don't update your Linux kernel" then you have about the same problem as not updating Windows.
Good luck getting OSS drivers for all the hardware you need to run your nuclear power station AND successfully recompiling them AND getting them to work every time the Linux developers break compatibility.
Microsoft used to have a serious commitment to backward compatibility and it mostly worked. Yes the same malware will work for 15 years, but so will the same hardware in most cases with no need for extra human intervention.
(Score: 2) by requerdanos on Monday February 12 2018, @04:16PM
Instead of "not updating" a particular kernel version, which is not a solution, people who want to stay with a particular kernel version update that version, folding security changes from newer versions into that one.
I have at least one host with a 2.6-series kernel released earlier this year. That's an extreme example, but LTS kernels are not kernels that are "not updated", they're kernels that receive the updates, but don't break ABI.
The safety practices in nuclear power plants are extreme, and are made out of money; such drivers would be no exception.
Again, this is only a problem if you are not on an LTS kernel. If a group of Debian volunteers can maintain a LTS kernel, then I would submit that "AC's Nuclear Safety Feature Conglomerate, Inc." should be able to do the same (if nothing else, said corp. could just hire debian developers, who would work a lot cheaper than nuclear engineers...).
(Score: 0) by Anonymous Coward on Monday February 12 2018, @11:26AM
Some systems actually have a real time kernel, that windows kernel runs on top of. Crashing the windows won't crash the RT kernel. The time slot for windows kernel is given by the RT kernel, and that quarantees RT execution. Not that i see much benefit in having windows running there at all. HMIs are different, they are never RT anyway.