Two worlds have collided in the latest compromise of an OT (operational technology) environment: a case in which the Monero cryptocurrency was being mined on SCADA systems.

The research by SCADA security firm Radiflow found critical servers used to monitor water and sewage treatment being compromised by miners generating the untraceable cryptocurrency Monero, and sending it over existing connections to the malware writers.

This highlights a number of interesting points. First, critical infrastructure was compromised not for destruction, espionage or nation-state-sponsored aims, but for the more commodity-driven goal of currency mining. Second, although the infection vector is yet to be fully determined, it shows that OT systems can be successfully targeted for mining malware installation, perhaps because systems set up to perform a single, defined purpose receive less monitoring - and because their latent processing capacity can be put to work. The research indicates that the mining malware was more sophisticated than a simple browser-based miner, and that it spread across multiple servers using SMB exploits.

Compromise of this type of monitoring hardware by a currency miner isn't done specifically to destroy the servers or interrupt water supply control, but it can have a knock-on effect on CPU and network bandwidth consumption - with the secondary impact of interference with the systems the machines were configured to control.
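The two observations above - that single-purpose OT hosts tend to be under-monitored, and that a miner shows up as sustained CPU load and unexpected network traffic - suggest a simple baseline check a plant operator could run against host telemetry. The following is an added example written for this page; it is not Radiflow's tooling and not code from the incident. It assumes a hypothetical HMI server `hmi-srv-01` that should only ever talk to one Modbus PLC and one historian (the `EXPECTED_DESTINATIONS` set is an assumption), and it uses constructed telemetry lines and a constructed pool-login message; the `203.0.113.7` address is a documentation placeholder, not an indicator from the report.

```python
"""Baseline-deviation checks for a single-purpose OT host (added example, not the page's own code).

Three defender-side signals of a resident miner are checked:
  1. CPU staying above the host's normal ceiling for several consecutive samples.
  2. Outbound connections to destinations outside the host's small, fixed allowlist.
  3. Captured payloads that look like Stratum/CryptoNote pool JSON-RPC traffic.
"""
import json
import re

# Assumption: this HMI server only talks to one Modbus PLC (TCP/502) and one historian (TCP/1433).
EXPECTED_DESTINATIONS = {("10.10.1.5", 502), ("10.10.1.20", 1433)}
CPU_BASELINE_PCT = 25       # assumed normal CPU ceiling for a monitoring server
SUSTAINED_SAMPLES = 3       # consecutive high samples before raising an alert

# JSON-RPC method names used by common Stratum and CryptoNote-style pool protocols.
MINING_RPC_METHODS = {"login", "submit", "getjob", "mining.subscribe", "mining.authorize", "mining.submit"}

# Constructed sample telemetry: one line per minute from a hypothetical host.
# Normal samples first, then CPU pinned high and a connection to an unknown destination.
SAMPLE_TELEMETRY = """\
2018-02-07T10:00Z hmi-srv-01 cpu=11 conn=10.10.1.5:502
2018-02-07T10:01Z hmi-srv-01 cpu=14 conn=10.10.1.20:1433
2018-02-07T10:02Z hmi-srv-01 cpu=12 conn=10.10.1.5:502
2018-02-07T10:03Z hmi-srv-01 cpu=97 conn=203.0.113.7:3333
2018-02-07T10:04Z hmi-srv-01 cpu=98 conn=203.0.113.7:3333
2018-02-07T10:05Z hmi-srv-01 cpu=99 conn=10.10.1.5:502
2018-02-07T10:06Z hmi-srv-01 cpu=96 conn=203.0.113.7:3333
"""

# Constructed payloads: a CryptoNote-style pool login and a benign JSON-RPC status call.
SAMPLE_MINING_PAYLOAD = '{"id":1,"jsonrpc":"2.0","method":"login","params":{"login":"WALLET_PLACEHOLDER","pass":"x"}}'
SAMPLE_BENIGN_PAYLOAD = '{"id":7,"jsonrpc":"2.0","method":"getStatus","params":{}}'

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) cpu=(?P<cpu>\d+) conn=(?P<ip>[\d.]+):(?P<port>\d+)$")


def parse_telemetry(text):
    """Parse 'ts host cpu=N conn=ip:port' lines into dicts, skipping malformed lines."""
    records = []
    for line in text.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # a bad line should not take the monitor down
        records.append({"ts": m["ts"], "host": m["host"],
                        "cpu": int(m["cpu"]), "dst": (m["ip"], int(m["port"]))})
    return records


def find_sustained_cpu(records, threshold=CPU_BASELINE_PCT, run=SUSTAINED_SAMPLES):
    """Return the timestamps at which CPU has been above threshold for `run` samples in a row."""
    alerts, streak = [], 0
    for r in records:
        streak = streak + 1 if r["cpu"] > threshold else 0
        if streak == run:          # alert once when the run length is first reached
            alerts.append(r["ts"])
    return alerts


def find_unexpected_destinations(records, expected=EXPECTED_DESTINATIONS):
    """Return every (ip, port) the host talked to that is not on its allowlist."""
    return sorted({r["dst"] for r in records if r["dst"] not in expected})


def looks_like_mining_rpc(payload):
    """True if a captured payload is a JSON-RPC object using a pool-protocol method name."""
    try:
        msg = json.loads(payload)
    except ValueError:
        return False
    return isinstance(msg, dict) and msg.get("method") in MINING_RPC_METHODS


def run_checks(telemetry_text, payloads):
    """Combine all three signals into one report for the host."""
    records = parse_telemetry(telemetry_text)
    return {
        "sustained_cpu_at": find_sustained_cpu(records),
        "unexpected_destinations": find_unexpected_destinations(records),
        "mining_rpc_payloads": [p for p in payloads if looks_like_mining_rpc(p)],
    }


if __name__ == "__main__":
    report = run_checks(SAMPLE_TELEMETRY, [SAMPLE_MINING_PAYLOAD, SAMPLE_BENIGN_PAYLOAD])
    for key, value in report.items():
        print(f"{key}: {value}")
```

On a host that exists to do one job, the allowlist check is the strongest of the three: a miner has to reach a pool, and that connection will not be on the short list of peers the machine is meant to talk to. The CPU check is deliberately a consecutive-sample rule rather than a single spike, so a legitimate burst of historian queries does not page anyone.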

Thankfully the damage in this instance was limited, but a directed compromise of a sewage treatment plant hardly bears thinking about...