Cyber Security firm Cyberbit revealed in a blog post that its software uncovered a large cryptocurrency mining infection in a European international airport.
More than half of the unnamed airport's workstations were infected with mining malware that managed to evade detection from anti-virus (AV) software until the roll-out of the new Endpoint Detection and Response (EDR) security software from Cyberbit.
The firm's software collects endpoint activity, which is then analyzed by a set of behavioral algorithms. This process detected suspicious use of the PAExec tool, which was used to launch the malicious bitcoin miner.
Limited Business Impact
Cyberbit stressed that a cryptominer would cause little business impact to the airport further than some performance degradation, occasional service interruptions to the network and a significant increase in power consumption.
It certainly wouldn't have endangered lives if it remained undetected - and it would likely have remained undetected if the airport had continued to rely on anti-virus software alone, the company said. In conclusion the blog post suggested:
We advise corporate customers not to rely on AV alone. To reach an optimal combination of prevention and detection, we strongly suggest complementing AV with EDR.
Featured Image Credit: Photo via Pixabay.com