In a recent blog post, Cyberbit made some scary revelations about the presence of Bitcoin miners in public networks. The firm said that it has identified a crypto mining exploit in a European international airport.
The problem with security
Cyberbit didn’t reveal the name of the airport infected with the Bitcoin malware but said that its computer security software identified a majority of systems in the network infected with the miner. The firm highlighted that the crypto miner would have easily passed the tests of standard antivirus software. However, the Endpoint Detection and Response (EDR) technology used by Cyberbit doesn’t scan systems like typical antivirus software. Instead, it monitors the performance of the system and oversees user activity to find abnormal data.
The technology found the crypto mining software because of its unusually high computing requirements. As soon as the software detected the high processing needs of the miner, it could identify unauthorized processes on the network.
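The behavior-based approach described above can be illustrated with the following Python example, which is added here and is not Cyberbit's code or product logic. It flags processes that are outside an expected baseline and hold high CPU over consecutive samples, then reports those seen on a majority of hosts. The host names, process names, baseline list, thresholds and telemetry are all constructed assumptions.

```python
from collections import defaultdict

# Assumed allowlist of processes expected on these hosts (hypothetical names).
BASELINE = {"checkin_kiosk.exe", "av_agent.exe"}
CPU_THRESHOLD = 70.0  # percent; assumed tuning value
MIN_STREAK = 3        # consecutive hot samples required; assumed tuning value

def series(host, proc, values):
    """Build time-ordered (host, process, cpu_percent) samples for one process."""
    return [(host, proc, v) for v in values]

# Constructed telemetry, one sample per minute for each process.
SAMPLES = (
    series("kiosk-01", "updater_svc.exe", [92, 95, 91, 94])      # unknown, sustained
    + series("kiosk-02", "updater_svc.exe", [90, 93, 96, 92])    # unknown, sustained
    + series("kiosk-03", "av_agent.exe", [85, 88, 90, 20])       # hot, but in baseline
    + series("kiosk-01", "checkin_kiosk.exe", [12, 80, 15, 10])  # brief spike only
    + series("kiosk-03", "report_gen.exe", [75, 20, 78, 30])     # unknown, not sustained
)

def sustained_high_cpu(samples, threshold=CPU_THRESHOLD, min_streak=MIN_STREAK):
    """Return (host, process) pairs at or above threshold for min_streak samples in a row."""
    streak = defaultdict(int)
    flagged = set()
    for host, proc, cpu in samples:  # each process's samples must be in time order
        key = (host, proc)
        streak[key] = streak[key] + 1 if cpu >= threshold else 0
        if streak[key] >= min_streak:
            flagged.add(key)
    return flagged

def unauthorized_heavy_processes(samples, baseline=BASELINE):
    """Map each non-baseline process to the sorted hosts where it ran hot."""
    hosts_by_proc = defaultdict(set)
    for host, proc in sustained_high_cpu(samples):
        if proc not in baseline:
            hosts_by_proc[proc].add(host)
    return {proc: sorted(hosts) for proc, hosts in hosts_by_proc.items()}

def fleet_wide(samples, min_fraction=0.5):
    """Return unauthorized hot processes seen on more than min_fraction of hosts."""
    all_hosts = {host for host, _, _ in samples}
    hits = unauthorized_heavy_processes(samples)
    return sorted(p for p, hosts in hits.items()
                  if len(hosts) / len(all_hosts) > min_fraction)

if __name__ == "__main__":
    print(fleet_wide(SAMPLES))
```

A process that stays below the threshold is not flagged by this check, which is why a fixed CPU threshold alone misses throttled miners.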
More about the miner
According to Cyberbit researchers, the malicious actors took known crypto mining software and modified it to get past the airport's security. It was designed to fool antivirus solutions on the network by suppressing the attack models and malware signatures that researchers had previously discovered. Cyberbit could identify the malware because it looks specifically for programs that do not carry a previously discovered signature or easily identifiable method of attack.
Now that one airport has been discovered with such a serious vulnerability, it would be important to conduct deep tests on the networks of other airports to check if they are infected. For a malicious actor, an airport could be an easy way to gain a large amount of processing power without infecting smaller devices. The systems used at large institutions usually have more resources for these hackers to steal.
However, because of the miners' unusually high demand for computing power, the entire information system of an airport could fail. This could lead to chaos on its premises and may be problematic for incoming and outgoing flights as well. Passengers too may have to face issues with slowed-down systems, and without adequate security measures in place, it could be impossible to manage the attack and recover the system.
In general, crypto miners can be detected because of their high processing needs. However, hackers are now creating smaller miners that can do their job without getting detected by traditional security systems.