Hacker uses wind power: SCADA control systems affected by Monero Mining

For the first time, servers with critical infrastructure are affected by unwanted crypto-mining. For example, in the USA, SCADA control systems have recently been adopted by generators, turbines and wind power plants. The mining of cryptocurrencies by cybercriminals can lead to a slowdown and, in the worst case, to overheating and thus failure of the facilities. Then, there would be a power outage.

Manufacturers of expensive Ethernet modules and the matching SCADA control software make it easy for hackers. The websites controlling these assets can be tracked down using a modified web crawler that can handle more than 40,000 such assets worldwide. Some vendors even ship their devices with standard passwords that many buyers simply leave unchanged for convenience. The control units are used to control wind and heating power plants, pumping stations or generators of all kinds. In Third World countries, in the worst-case scenario, the power can be cut off over several square kilometers when a single installation comes to a standstill.

The security firm High-Tech Bridge reports that it has discovered the first SCADA Ethernet modules to be taken over by third parties. They were abused for Monero mining. The security researchers observed unusual network activity. Among other things, various suspicious IP addresses are said to have been contacted. The malicious software ran in a hidden stealth mode in order to remain undetected for as long as possible. The security tools of the manufacturers were simply overridden.

Screenshot of the SCADA software for controlling a generator.

Yehonatan Kfir from the Radiflow computer security service, which specializes in the protection of SCADA systems, assumes that the stability and availability of the critical infrastructure are severely impaired in the event of an infection. Since not every operator constantly checks their equipment, the malware can run at maximum speed for long periods of time. Kfir doubts that plants can still be reliably controlled if mining is carried out at maximum speed.

High-Tech Bridge CEO expects attacks to expand

High-Tech Bridge CEO Ilia Kolochenko believes that such cyberattacks will expand. So far, mining has only affected the browsers of PCs visiting a website or, in the case of infection, computers and smartphones. Unlike credit cards, bank accounts or PayPal, authorities cannot follow any trace of the digital currency Monero. Therefore, these cryptocurrencies are ideal for cybercriminals. Kolochenko expects the hackers to move away from the usual fraud techniques such as phishing or drive-by-download Trojans in order to be able to carry out their mining of Monero & Co. on even more exotic devices.
