Kaspersky Lab researchers have found a new crypto-currency miner – PowerGhost – which has hit corporate networks in several regions, mostly in Latin America. This is the latest in a worrying trend of cybercriminals increasingly using miners in targeted attacks, in their pursuit of money.

 

As this trend grows, enterprises will be put at risk, as miners sabotage and slow down their computer networks, damaging overall business processes while lining the attackers' pockets.

 

Crypto-currency miners are a hot cybersecurity topic right now. This specialist “mining” software creates new coins by using the computing power of victims' PCs and mobile devices.

 

Malicious miners do so at the expense of other users, capitalizing on the power of their computers and devices without their knowledge. The threat has skyrocketed in recent times, replacing ransomware as the main type of malicious software, as previous Kaspersky Lab research has shown.

 

However, the emergence of PowerGhost adds a new dimension to the trend. It demonstrates that malicious miner developers are shifting to targeted attacks to make more money, as Kaspersky Lab researchers had previously predicted.

 

PowerGhost is distributed within corporate networks, infecting both workstations and servers. The main victims of this attack so far have been corporate users in Brazil, Colombia, India, and Turkey.

 

Interestingly enough, PowerGhost uses multiple fileless techniques to discreetly gain a foothold in corporate networks – meaning that the miner does not store its body directly on disk, which makes it harder to detect and remediate.

 

Machine infection occurs remotely through exploits or remote administration tools. When the machine is infected, the main body of the miner is downloaded and run without being stored on the hard disk.

 

Once this has happened, cybercriminals can arrange for the miner to automatically update, spread within the network, and launch the crypto-mining process.

 

“PowerGhost attacks on businesses, for the purpose of installing miners, raise new concerns about crypto-mining software. The miner we examined indicates that targeting users is not enough – cybercriminals are now turning their attention to enterprises too. And this makes crypto-currency mining a threat to the business community,” said Vladas Bulavas, malware analyst at Kaspersky Lab.

 

Kaspersky Lab products detect the threat as:

    • PDM:Trojan.Win32.Generic
    • PDM:Exploit.Win32.Generic
    • HEUR:Trojan.Win32.Generic
    • not-a-virus:HEUR:RiskTool.Win32.BitMiner.gen

To reduce the risk of infection with miners, users are advised to:

  1. Always keep software updated on all the devices used. To prevent miners from exploiting vulnerabilities, it is best to use tools that can automatically detect vulnerabilities and download and install patches.
  2. Don’t overlook less obvious targets, such as queue management systems, POS terminals, and even vending machines. Such equipment can also be hijacked to mine cryptocurrency.
  3. Use a dedicated security solution that is empowered with application control, behavior detection, and exploit prevention components that monitor the suspicious actions of applications and block malicious file executions. Kaspersky Endpoint Security for Business includes these functions.
  4. To protect the corporate environment, employees and IT teams must be educated on keeping sensitive data separate and restricting access.

To learn more about the PowerGhost threat, please read the blog post available at Securelist.com.

