Crypto-mining infection discovered in an international airport

A crypto-mining infection, where cryptocurrency-mining software was installed on over half of an airport’s workstations, was discovered at an unnamed international airport in Europe.

This is according to a recent blog post by cyber-security solutions company Cyberbit, which said these findings “raise concerns regarding the ease of installing malicious software within corporate networks despite being protected by antivirus systems”.

The crypto-mining infection was discovered at the airport when the company was installing its Endpoint Detection and Response (EDR) platform and has further said that the malware can be associated with the anti-coinminer campaign reported by Zscaler in August 2018.

“The malware may have been used for months prior to the installation of Cyberbit EDR, although all workstations were equipped with an industry-standard antivirus,” the blog said. “The malware was suspected to be a Bitcoin miner because of its behaviour of executing multiple processes over a short timeframe, typical to a miner using system resources for its calculations.”

The company said it found the malware on over 50 per cent of the workstations and that it removed the malware from the organisation’s endpoints and blocked its ability to execute.

“In a worst-case scenario, attackers could have breached the IT network as a means to hop onto the airport’s operational technology (OT) network in order to compromise critical operational systems ranging from runway lights to baggage handling machines and the air-train, to name a few of the many standard airport OT systems that could be cyber-sabotaged to cause catastrophic physical damage,” the blog continued.

The company advises that airports increase the protection of their OT network, which is used to control physical airport systems. “By penetrating OT networks attackers can cause catastrophic physical damage and this should, therefore, be a strategic cyber-defence priority,” it said.