Cyberbit says its computer security software helped uncover a large infection of cryptocurrency mining software at an unnamed "international airport in Europe" where the majority of workstations were infected with active malware.
The company won't name its client, but in a blog post its researchers said that standard types of anti-virus software would have failed to catch the crypto-miners, including the system the airport had deployed on its network.
Cyberbit's Endpoint Detection and Response (EDR) technology analyses system performance and user activities and looks for abnormal data. It was the high processing requirements of crypto-mining software that providing the security firm’s software clues that unauthorized processes were running the company claimed.
Furthermore, its researchers claimed that the intruders had created a variant of a known crypto-miner that allowed it to slip by computer security defences heavily reliant on anti-virus software which rely on previously discovered signatures and models of attack.
A crypto-miner stealing compute cycles from an airport IT system has potential widespread repercussions in a large region and beyond. Airport information systems could slowdown and maybe fail, creating chaos among departing and arriving passengers, and many other problems....