A cryptocurrency mining campaign infected more than half of the workstations at a European international airport.
How many other airports might be running malware on their systems without knowing it?
The suspected malware
According to Cyberbit researchers, the malware was discovered while Cyberbit's Endpoint Detection and Response (EDR) platform, a behavioural detection and threat hunting product, was being rolled out at the airport.
"While rolling out Cyberbit's Endpoint Detection and Response (EDR) in an International Airport in Europe, our researchers identified an interesting crypto mining infection, where cryptocurrency mining software was installed on more than 50% of the airport's workstations," Cyberbit wrote.
The malware is associated with the Anti-CoinMiner campaign that Zscaler reported in August 2018. Because it launched multiple processes within a short time frame, it was initially presumed to be a Bitcoin miner.
How the malware got onto the workstations is still unknown. Every workstation at the airport ran an industry-standard antivirus (AV) product, and that product did not detect the malicious activity.
The attackers used reflective DLL loading, a common evasion technique in which the malware maps a DLL into process memory itself instead of going through the Windows loader. The library never has to exist as a file on disk and does not appear in the process's module list, so file-based AV scanning and simple module enumeration miss it. The miner had been running for months before the EDR was installed.
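One way to hunt for code loaded this way is to look for what reflective loading leaves behind: committed, executable memory that no image file backs. The script below is an added example written for this article, not Cyberbit's tooling or the malware's code. The region classifier is pure Python and generalizes beyond reflective DLLs to manually mapped PE files, unpacked payloads and injected shellcode; the live walk of a process's address space uses the real Win32 calls VirtualQueryEx and GetMappedFileNameW and therefore runs only on Windows with a process handle you are allowed to open. The constants are taken from winnt.h. JIT runtimes (.NET, browsers) also allocate private executable memory, so a hit is a lead to triage, not a verdict.

```python
"""Hunt for reflectively loaded code: executable memory with no backing image file.

A DLL loaded by the Windows loader sits in a MEM_IMAGE region whose file name
GetMappedFileName can resolve. A reflectively loaded DLL is copied into private
memory and made executable by the malware itself, so it shows up as committed,
executable memory with no backing file. Added example for this article; the
live scan needs Windows and rights to open the target process.
"""
import ctypes
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constants from winnt.h
MEM_COMMIT = 0x1000
MEM_PRIVATE = 0x20000
MEM_IMAGE = 0x1000000
PAGE_EXECUTE = 0x10
PAGE_EXECUTE_READ = 0x20
PAGE_EXECUTE_READWRITE = 0x40
PAGE_EXECUTE_WRITECOPY = 0x80
EXECUTABLE = {PAGE_EXECUTE, PAGE_EXECUTE_READ, PAGE_EXECUTE_READWRITE, PAGE_EXECUTE_WRITECOPY}


@dataclass
class Region:
    base: int
    size: int
    state: int
    protect: int
    mem_type: int
    mapped_file: Optional[str]  # None when no file backs the region


def is_suspicious(r: Region) -> bool:
    """Committed, executable memory that is not a normally loaded module.

    Flags private RX/RWX regions (reflective and manual-map loaders, unpacked
    payloads, shellcode) and any executable region with no resolvable file.
    """
    if r.state != MEM_COMMIT:
        return False
    if (r.protect & 0xFF) not in EXECUTABLE:  # drop PAGE_GUARD/PAGE_NOCACHE modifier bits
        return False
    if r.mem_type == MEM_IMAGE and r.mapped_file:
        return False  # image mapping backed by a file: a normally loaded module
    return True


def triage(regions: List[Region]) -> List[Region]:
    """Return the regions worth a closer look, largest first."""
    return sorted((r for r in regions if is_suspicious(r)), key=lambda r: -r.size)


class MEMORY_BASIC_INFORMATION(ctypes.Structure):
    # Layout follows winnt.h; PartitionId is present only in the 64-bit struct.
    _fields_ = ([("BaseAddress", ctypes.c_void_p),
                 ("AllocationBase", ctypes.c_void_p),
                 ("AllocationProtect", ctypes.c_uint32)]
                + ([("PartitionId", ctypes.c_uint16)] if ctypes.sizeof(ctypes.c_void_p) == 8 else [])
                + [("RegionSize", ctypes.c_size_t),
                   ("State", ctypes.c_uint32),
                   ("Protect", ctypes.c_uint32),
                   ("Type", ctypes.c_uint32)])


def scan_process(pid: int) -> List[Region]:
    """Walk a live process's address space with VirtualQueryEx (Windows only)."""
    if sys.platform != "win32":
        raise RuntimeError("live scanning requires Windows")
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    psapi = ctypes.WinDLL("psapi", use_last_error=True)
    k32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    k32.VirtualQueryEx.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                   ctypes.POINTER(MEMORY_BASIC_INFORMATION), ctypes.c_size_t]
    k32.VirtualQueryEx.restype = ctypes.c_size_t
    psapi.GetMappedFileNameW.argtypes = [ctypes.c_void_p, ctypes.c_void_p,
                                         ctypes.c_wchar_p, ctypes.c_uint32]
    PROCESS_QUERY_INFORMATION, PROCESS_VM_READ = 0x0400, 0x0010
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, 0, pid)
    if not handle:
        raise OSError(f"OpenProcess({pid}) failed, error {ctypes.get_last_error()}")
    regions, mbi, addr = [], MEMORY_BASIC_INFORMATION(), 0
    try:
        # VirtualQueryEx returns 0 once addr passes the end of user address space.
        while k32.VirtualQueryEx(handle, addr, ctypes.byref(mbi), ctypes.sizeof(mbi)):
            base = mbi.BaseAddress or 0
            buf = ctypes.create_unicode_buffer(1024)
            n = psapi.GetMappedFileNameW(handle, base, buf, 1024)  # 0 when no file backs it
            regions.append(Region(base, mbi.RegionSize, mbi.State, mbi.Protect,
                                  mbi.Type, buf.value if n else None))
            addr = base + mbi.RegionSize
    finally:
        k32.CloseHandle(handle)
    return regions


if __name__ == "__main__":
    # Usage: python hunt_rdl.py <pid>
    for hit in triage(scan_process(int(sys.argv[1]))):
        print(f"pid {sys.argv[1]}: 0x{hit.base:016x} {hit.size:>10} bytes "
              f"protect=0x{hit.protect:02x} type=0x{hit.mem_type:x} file={hit.mapped_file}")
```

Run it against every process on a workstation and compare the hits with a known-good baseline from a clean machine of the same build; private executable regions that are large, that contain a PE header ("MZ") at their start, or that belong to processes which have no business running a JIT are the ones to pull for analysis. An EDR that monitors memory protections and thread creation does the same check continuously and at the moment the region is made executable, which is why it catches what a file scan cannot.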
"Because the malware happened to be a cryptominer, its business impact was relatively minor, limited to performance degradations leading to quality of service and service interruptions, as well as a significant increase in power consumption through the airport," Cyberbit added.
The attackers' modifications
The attackers had the highest privileges on the machines, so the miner could take precedence over any legitimate application in its use of workstation resources. They also modified the malware's techniques so that it would be harder to identify on an infected computer.
Recommendations
For the best protection, organisations should run EDR alongside AV for the prevention and detection of malware rather than relying on AV alone: signature-based AV missed this miner for months, while behavioural detection found it during rollout.
"With the increased convergence of IT and OT networks, we strongly urge airports also to ramp up the protection of their OT network, which is used to control physical airport systems," said Meir Brown, head of research at Cyberbit.