More than half of the workstations at a European international airport have been found infected by a Monero cryptominer. The infection most likely dates back months, although all workstations were using standard antivirus. Thankfully, the malware only affected the systems' performance and didn't compromise any vital airport operations.
The cryptominer was sufficiently modified to make it undetectable to signature-based protection (such as antivirus) and was discovered only by behavioral analytics during the implementation of new cybersecurity measures on the airport systems. The malware used legitimate system processes to gain maximum privileges and take priority over other tasks.
This time, the attackers limited themselves to stealthily mining cryptocurrencies. However, if this attack succeeded in breaching the airport's IT systems, other, more malicious ones may follow, impacting operations and putting people in danger - for example, by taking control of air trains, runway lights, and more.