PowerGhost: Beware of ghost mining
Fileless malware infects workstations and servers in corporate networks.
In response to Kaspersky research finding that the fileless PowerGhost cryptomining malware is targeting corporate networks, and that it is more difficult to detect than other miners because it does not download malicious files to the device and so is likely to operate unnoticed for longer, an expert with Corero Network Security offers comments.
Sean Newman, Director Product Management, Corero Network Security
“The cybercriminal community’s rush to benefit from the huge returns possible from investing their hacking efforts in crypto-currency mining is certainly gaining pace at an epic rate. Although a recent trend has been to leverage mass botnets of IoT devices, which has proven easy due to their poor levels of security, it appears the hackers may now be seeing the challenge with such devices, which have very low processing power available. The latest PowerGhost malware shows there is renewed interest in creating botnets from enterprise workstations and servers. With the significantly higher-powered CPUs in these devices, compared to IoT, it’s not surprising that they are now the target for compute-intensive crypto-mining activities.
“Although the crypto-mining itself may or may not in some instances represent a security issue, the fact that malware can be planted in the first place does. This is especially worrying when you consider PowerGhost includes the ability to be armed with whatever attack payload the hacker chooses, which can easily include data exfiltration, and has already been shown to include evolving DDoS attack capabilities. And, of course, it shouldn’t be forgotten that crypto-jacking itself is not without impact, including reduced performance on workstations for legitimate users, increased power consumption costs from owned devices constantly running at high CPU rates and also their long-term damage, which can result in hardware failure.”