Cryptomining Malware Infects Major Airport: How the Aviation Sector Can Reduce Risk

Luca Barba | October 29, 2019
Researchers recently discovered a cryptomining malware attack that spread to a number of workstations at a major international airport in Europe. The malware, designed to evade discovery, was detected by only 16 out of 73 tools available in VirusTotal, an online service specializing in analyzing files and web locations for malicious content.
The abnormal behavior of the infected systems went unnoticed for months, with only minor performance impacts that didn’t raise any red flags for airport personnel. This behavior is typical for cryptominers – a type of software that lodges itself on a host device and quietly uses its computing power to do mining work for a cryptocurrency’s blockchain ledger. Its stealthy operation makes it more difficult to detect than ransomware, which is a much more visible threat.
The researchers couldn’t determine the source of the original attack or the system that was first compromised. Luckily, the purpose of this particular operation was only to mine cryptocurrency. However, the fact that attackers were able to infiltrate a major airport network remotely and access 50% of its workstations while remaining undetected should be a red alert for the aviation sector as a whole, given that it’s a critical and potentially lucrative target for hackers and state-sponsored cyber warfare initiatives.
The stability of operations is an airport’s #1 priority, and attackers can often find their way into the OT network via IT connections. Disrupting operations of any airport building network, even for a couple of hours, could result in millions of dollars of lost revenue for airlines and related vendors. Additionally, air transport consists of exceedingly complex operations that orchestrate a multitude of critical IT and OT systems, including air traffic management (ATM), air fleet management, apron and tarmac operations, airline operations center (AOC) networks, luggage and goods management, surveillance and many others.
That is why it is fundamental to reduce cyber risk as much as possible through a multi-factor approach:
Securing all these systems is no small feat, and defending them against attacks should be taken very seriously, as hackers are getting better at endangering this highly sensitive ecosystem. All of this happens while the aviation industry is navigating heavy regulation and the heterogeneity of technology available in the cybersecurity market. The differing interests of various stakeholders can make investing in the right technology a complicated task that requires balancing security budgets against the foreseeable risk.
It’s important to underline the amount of information these tools produce. They can alert for network changes and potential security or operational threats, vulnerabilities and insecure protocols, connectivity with external networks, and proximity to potentially infected devices. These are all important factors that need to be taken into consideration when understanding the risk posture of a network.
Currently, most of the available tools can only look at these factors independently, but the Forescout SilentDefense Asset Risk Framework can help solve this problem. It’s the first network security monitoring tool that puts together relevant risk factors to determine current risk posture and provides two impact-based risk scores for every monitored device, a security risk score and an operational risk score.
Users don’t have to separately access alerts, vulnerabilities, and communication information statistics to connect the dots on their own anymore. Instead, they can quickly access their asset inventory and start an investigation from there with the help of powerful filtering capabilities.
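To make the idea of combining risk factors into per-device scores concrete, here is an added, self-contained example (it is not Forescout’s code and the SilentDefense Asset Risk Framework’s actual weighting is not described in this post). It scores a small constructed inventory using the factors the post lists: alerts, vulnerabilities, insecure protocols, external connectivity, and proximity to infected devices, and produces both a security (likelihood-oriented) score and an operational (impact-oriented) score. The weights, the criticality ratings, and the device names are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Asset:
    """One monitored device and the risk factors observed for it."""
    name: str
    criticality: int                      # 1 (low) .. 5 (mission critical); assumed per-site rating
    alerts: int = 0                       # security alerts raised against the device
    vulns: int = 0                        # known vulnerabilities on the device
    insecure_protocols: int = 0           # cleartext / unauthenticated protocols observed
    external_connectivity: bool = False   # exchanges traffic with networks outside the perimeter
    infected: bool = False                # confirmed compromised (e.g. by the cryptominer)
    peers: set = field(default_factory=set)  # devices it communicates with


# Constructed weights for the example; a real framework would calibrate these per environment.
WEIGHTS = {"alerts": 2.0, "vulns": 1.5, "insecure_protocols": 1.0,
           "external": 3.0, "proximity": 40.0}


def proximity(asset, inventory):
    """Share of the asset's communication peers that are known to be infected."""
    if not asset.peers:
        return 0.0
    hits = sum(1 for p in asset.peers if inventory[p].infected)
    return hits / len(asset.peers)


def security_score(asset, inventory):
    """Likelihood-oriented score: how exposed the device is, regardless of its role."""
    return (WEIGHTS["alerts"] * asset.alerts
            + WEIGHTS["vulns"] * asset.vulns
            + WEIGHTS["insecure_protocols"] * asset.insecure_protocols
            + (WEIGHTS["external"] if asset.external_connectivity else 0.0)
            + WEIGHTS["proximity"] * proximity(asset, inventory))


def operational_score(asset, inventory):
    """Impact-oriented score: the same exposure weighted by how critical the device is."""
    return security_score(asset, inventory) * asset.criticality / 5


def ranked(inventory, scorer):
    """Asset names ordered from highest to lowest score, for triage."""
    return [a.name for a in sorted(inventory.values(),
                                   key=lambda a: scorer(a, inventory), reverse=True)]


def filter_assets(inventory, scorer, threshold):
    """Names of assets whose score meets the threshold: the 'start an investigation here' list."""
    return [a.name for a in inventory.values() if scorer(a, inventory) >= threshold]


def build_inventory():
    """Constructed five-device sample loosely modelled on the airport scenario in the post."""
    assets = [
        Asset("ws-01", criticality=2, alerts=3, infected=True, peers={"ws-02"}),
        Asset("ws-02", criticality=2, vulns=2, peers={"ws-01", "baggage-plc-01"}),
        Asset("baggage-plc-01", criticality=5, insecure_protocols=2, peers={"ws-02"}),
        Asset("aoc-server", criticality=5, vulns=1, external_connectivity=True),
        Asset("kiosk-01", criticality=1, alerts=1, external_connectivity=True),
    ]
    return {a.name: a for a in assets}


if __name__ == "__main__":
    inv = build_inventory()
    for name in ranked(inv, security_score):
        a = inv[name]
        print(f"{name:16} security={security_score(a, inv):6.1f} "
              f"operational={operational_score(a, inv):6.1f}")
```

The two rankings deliberately disagree: the uninfected workstation next to the compromised one tops both lists because of the proximity factor, but the externally connected AOC server moves ahead of the infected workstation once criticality is applied, which is the kind of prioritisation a single alert stream does not give you.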
Want to learn more? Join our expert, Luca Barba, on November 5th at the Aviation Cyber Security Summit 2019 in London. He will participate in the panel discussion on the Current State of Threat Detection, where he will discuss the maturity of the OT threat detection market, security investment decisions versus risk, and available solutions.
To learn more about how the Asset Risk Framework works, watch the short video below.