New Miner – PowerGhost Fileless Cryptominer Targets Corporate Networks.

The experts at Kaspersky security lab have identified a new miner. This comes at the time when the cryptocurrency rush is booming, which has brought about a corresponding spike in the number of cryptojacking malware so it’s no surprise that a new miner has been identified, dubbed PowerGhost.

PowerGhost is unique for two reasons: firstly, it focuses on attacking corporate networks and secondly, it is fileless. This permits the miner to be able to cling to the servers and workstations of victims without being noticed. PowerGhost’s reign of terror has just began, and so far, reports of attacks have been seen Turkey, India, Brazil, and Colombia.

PowerGhost’s Attack Technique

The first step is to get into a company’s computer infrastructure, then, using the Windows Management Instrumentation tool, it makes an attempt to access user accounts. Working in conjunction with Mimikatz (a data extraction tool), PowerGhost obtains user credentials, which can be used to log into the system. After giving itself more privileges, the malware hijacks the system and begins the mining process.

The miner has a tendency to stay longer on a system, because it is hard to detect. It works stealthily by not downloading any software which may give away it’s presence. It’s a good strategy for it, because the longer it goes unnoticed, the more it mines. The miner can also check if it is being run under a real operating system or in a sandbox, allowing it to bypass standard security solutions.

The Effect

Crypto miners have similar effects. It uses your system’s processing power to mine cryptocurrency. This results to a drastic decrease in server performance. Overheating of devices may occur, increasing wear and tear, and subsequently increasing replacement costs. A version of PowerGhost had a tool tailored for Distributed Denial of Service attacks.

What To Do?

PowerGhost should be treated like the malware that it is, and security steps should be taken. The miner exploits old vulnerabilities, which have already been patched, as such, ensure to install operating system updates. Educating users and employees on security risks will go a long way to create more awareness.

Let us know what you think about this new threat in the comments:

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients