Cyberbit a Cyber Security company has revealed that its software uncovered a large cryptocurrency mining infection in a European international airport.
Alot of unnamed airport’s workstations were infected with mining malware that managed to evade detection from anti-virus (AV) software until the roll-out of the new Endpoint Detection and Response (EDR) security software from Cyberbit.
The firm’s software collects endpoint activity, which is then analyzed by a set of behavioral algorithms. This process detected suspicious use of the PAExec tool, which was used to launch the malicious bitcoin miner.
It certainly wouldn’t have endangered lives if it remained undetected – and it would likely have remained undetected if the airport had continued to rely on anti-virus software alone, the company said. In conclusion the blog post suggested:
Cyberbit stated that a cryptominer had little impact to the airport further than some performance degradation, occasional service interruptions to the network and a significant increase in power consumption.