Cyberbit says its computer security software helped uncover a large infection of cryptocurrency mining software at an unnamed “international airport in Europe” where the majority of workstations were infected with active malware.
The company won’t name its client but in a blog post, its researchers said that standard types of anti-virus software would have failed to catch the crypto-miners, including the system the airport had deployed on its network.
Cyberbit’s Endpoint Detection and Response (EDR) technology analyzes system performance and user activities and looks for abnormal data. It was the high processing requirements of crypto-mining software that provided the clues that unauthorized processes were running.
Cyberbit researchers said that the intruders had created a variant of a known crypto-miner, allowing it to slip by computer security defenses that lean heavily on anti-virus software, which relies on previously discovered signatures and models of attack.
Cyberbit’s approach is to look for abnormal behaviors in IT systems in real time and identify attacks that carry no easily identifiable signature or method.
The discovery of the infected international airport raises the question: how many more international airports have unknown malware?
A crypto-miner stealing compute cycles from an airport IT system has potentially widespread repercussions in a large region and beyond. Airport information systems could slow down and maybe fail, creating chaos among departing and arriving passengers, and many other problems.
Crypto-miners are relatively easy to detect because of their high processing requirements, but most malware is small and designed to be discreet and is therefore far harder to detect.
If airports have hidden crypto-miners already running, who knows what else has penetrated these vital IT systems?