European airport systems infected with cryptominer
A European airport recently discovered that more than 50% of its computing systems were infected with a Monero cryptocurrency miner, despite having an anti-virus solution in place. The initial infection vector is unknown, but once inside the network the threat actor used PAExec, a redistributable version of the legitimate Microsoft tool PsExec, to elevate privileges and install the cryptominer. To evade detection, the malware uses Reflective DLL Loading to inject a DLL into a remote process without going through the Windows loader and without writing to the hard drive. To maintain persistence, PAExec was added to a system registry key so that it starts again on the next reboot. The incident did not affect airport operations, but it caused slowness on some network segments.
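The two host-level traces this report describes, PAExec execution and a registry autostart entry referring to it, are straightforward to hunt for in endpoint telemetry. The following is an added example (not code from the original article or from the airport's vendor): it runs a small set of detection rules over constructed process-creation and registry events; the event schema, the Run/RunOnce key assumption and the sample data are all hypothetical.

```python
"""Flag PAExec-based execution and autostart persistence in constructed endpoint events."""
from dataclasses import dataclass

# Assumption: persistence landed in a Run/RunOnce key (the article only says "a registry key").
RUN_KEYS = ("\\software\\microsoft\\windows\\currentversion\\run",
            "\\software\\microsoft\\windows\\currentversion\\runonce")

@dataclass
class Finding:
    host: str
    rule: str
    detail: str

def _is_paexec(path: str) -> bool:
    """True for paexec.exe itself or the PAExec-<pid>-<host>.exe copy it drops as a service binary."""
    name = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return name == "paexec.exe" or name.startswith("paexec-")

def detect(events):
    """Return one Finding per event that matches a PAExec rule (hypothetical event schema)."""
    findings = []
    for ev in events:
        if ev.get("type") == "process_create":
            if _is_paexec(ev.get("image", "")):
                findings.append(Finding(ev["host"], "paexec_execution", ev.get("cmdline", "")))
            elif _is_paexec(ev.get("parent_image", "")):
                findings.append(Finding(ev["host"], "paexec_child_process", ev.get("image", "")))
        elif ev.get("type") == "registry_set":
            key, data = ev.get("key", "").lower(), ev.get("data", "")
            if any(k in key for k in RUN_KEYS) and "paexec" in data.lower():
                findings.append(Finding(ev["host"], "paexec_run_key_persistence", data))
    return findings

# Constructed sample telemetry: three suspicious events on WS-01, one benign event on WS-02.
SAMPLE_EVENTS = [
    {"type": "process_create", "host": "WS-01", "image": "C:\\Windows\\PAExec-1234-WS-01.exe",
     "parent_image": "C:\\Windows\\System32\\services.exe", "cmdline": "PAExec-1234-WS-01.exe"},
    {"type": "process_create", "host": "WS-01", "image": "C:\\Windows\\System32\\cmd.exe",
     "parent_image": "C:\\Windows\\PAExec-1234-WS-01.exe", "cmdline": "cmd.exe"},
    {"type": "registry_set", "host": "WS-01", "value": "Updater",
     "key": "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", "data": "C:\\Tools\\paexec.exe"},
    {"type": "process_create", "host": "WS-02", "image": "C:\\Windows\\System32\\notepad.exe",
     "parent_image": "C:\\Windows\\explorer.exe", "cmdline": "notepad.exe"},
]

if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"{f.host}: {f.rule} ({f.detail})")
```

Matching on image name alone will miss a renamed binary; in practice pair these rules with the PAExec service-creation event and with anti-virus telemetry showing a drop in coverage on the affected hosts.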
References: Anti-Coinminer Mining Campaign