Security experts at Cyberbit have uncovered a crypto mining campaign that infected more than 50% of the European airport workstations.
European airport systems were infected with a Monero
“While rolling out Cyberbit’s Endpoint Detection and Response (EDR) in an international airport in Europe, our researchers identified an interesting crypto mining infection, where
Experts pointed out that the Monero miners were installed on the European airport systems, even if they were running an industry-standard antivirus. Threat actors were able to package the miner evading the detection of ordinary antivirus.
The good news is that the miner did not impact the airport’s operations.
Experts’ behavioral engine detected a suspicious usage of the PAExec tool used to execute an application named player.exe.
Experts also observed the use of Reflective DLL Loading after running player.exe. The technique allows the attackers to remotely inject a DLL directly into a process in memory.
“This impacts the performance of other applications, as well as that of the airport facility. The use of administrative privileges also reduces the ability for security tools to detect the activity.” continues the report.
In order to gain persistence, attackers added an entry in the systems’ registries for the PAExec.
At the time, researchers were not able to determine how attackers infected the European Airport systems.
“Because the malware happened to be a
“In a worst-case scenario, attackers could have breached the IT network as a means to hop onto the airport’s OT network in order to compromise critical operational systems ranging from runway lights to baggage handling machines and the air-train, to name a few of the many standard airport OT systems that could be cyber-sabotaged to cause catastrophic physical damage,”
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.