European airport systems infected with cryptominer

15 - 22 October 2019


A European airport recently discovered that more than 50% of its computing systems were infected with a Monero cryptocurrency miner despite having an anti-virus solution. The initial infection vector is unknown, but once inside the network, the threat actor used PAExec, a redistributable version of the legitimate Microsoft tool PsExec, to elevate privileges and install the cryptominer. To evade detection, the malware used reflective DLL loading to remotely inject a DLL into a process without using the Windows loader and without accessing the hard drive. To maintain persistence, PAExec was added to the system registry so that it starts on the next reboot. The security incident did not affect airport operations but caused some network segments to experience slowness.
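A hunting sketch for the PAExec execution and registry persistence steps described above. This is an added example, not code from the article or the affected airport. The events are constructed in the shape of Sysmon Event ID 1 and 13 records, and the host names, file paths and the choice of Run/RunOnce as the autostart key are assumptions.

```python
import re

# Constructed Sysmon-style events (Event ID 1 = process creation,
# Event ID 13 = registry value set). None of this is data from the incident.
SAMPLE_EVENTS = [
    {"EventID": 1, "Computer": "KIOSK-07", "Image": r"C:\Windows\PAExec.exe",
     "OriginalFileName": "PAExec.exe"},
    {"EventID": 1, "Computer": "KIOSK-07", "Image": r"C:\Users\Public\svchelper.exe",
     "OriginalFileName": "PAExec.exe"},
    {"EventID": 13, "Computer": "KIOSK-07",
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater",
     "Details": r"C:\Windows\PAExec.exe C:\ProgramData\upd.exe"},
    {"EventID": 1, "Computer": "OPS-02", "Image": r"C:\Windows\System32\notepad.exe",
     "OriginalFileName": "NOTEPAD.EXE"},
    {"EventID": 13, "Computer": "OPS-02",
     "TargetObject": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive",
     "Details": r"C:\Program Files\OneDrive\OneDrive.exe /background"},
]

# Assumption: persistence sits under a Run/RunOnce key; the article only
# says "registry" without naming the key.
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.I)
PAEXEC = re.compile(r"paexec", re.I)

def classify(event):
    """Return a finding label for one event, or None if nothing matches."""
    if event["EventID"] == 1:
        name_on_disk = event["Image"].rsplit("\\", 1)[-1]
        embedded = event.get("OriginalFileName", "")
        if PAEXEC.search(embedded) and not PAEXEC.search(name_on_disk):
            return "renamed-paexec"  # version resource survives a file rename
        if PAEXEC.search(embedded) or PAEXEC.search(name_on_disk):
            return "paexec-exec"
    elif event["EventID"] == 13:
        if AUTOSTART.search(event["TargetObject"]) and PAEXEC.search(event.get("Details", "")):
            return "paexec-autostart"
    return None

def hunt(events):
    """Group findings per host so heavily affected machines stand out."""
    findings = {}
    for ev in events:
        label = classify(ev)
        if label:
            findings.setdefault(ev["Computer"], []).append(label)
    return findings

if __name__ == "__main__":
    for host, labels in hunt(SAMPLE_EVENTS).items():
        print(host, labels)
```

PAExec is also used legitimately by administrators, so a hit is a lead to triage rather than proof of compromise; reflective DLL loading leaves no such file or registry trace and needs memory-level telemetry instead.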

References:

Cryptocurrency Miners Now Using Evasive Tactics to Exploit Airport Resources

Anti-Coinminer Mining Campaign
