Researchers recently discovered a miner focused primarily on corporate networks. PowerGhost is file-less, which allows the miner to attach itself to victims’ workstations or servers without being noticed. This malware targeted companies in India, Turkey, Brazil, and Colombia.
After penetrating a company's infrastructure, PowerGhost tries to log in to network user accounts through the legitimate remote administration tool Windows Management Instrumentation (WMI). The malware obtains the logins and passwords using a data extraction tool called Mimikatz. This miner also spreads using the EternalBlue exploit for Windows, which was first used in the WannaCry and ExPetr cyberattacks.
Once a device is infected, the malware attempts to enhance its privileges through various OS vulnerabilities. Next, the miner gains a foothold in the system and starts the mining process.
Companies and individuals must take certain precautions against this growing phenomenon of cyberattacks; for that, they should implement at least one cybersecurity solution, like an antivirus, to protect their systems. Necessary steps include regularly updating operating systems and using an antivirus for Windows or an antivirus for Mac, depending on which OS your device is using. Companies must also hire professional cybersecurity firms to do regular checkups of their internal network a couple of times per year. These checkups must always include a penetration test and various ethical hacking tests.
Like any other miner, PowerGhost uses computing resources to generate cryptocurrency. This reduces server and other device performance to the point of wear and tear, which eventually leads to replacement costs.
However, compared with most such programs, PowerGhost is more difficult to detect because it doesn’t download malicious files to the device. And that means it can operate longer unnoticed on your server or workstation, and do more damage.
Even more interesting is the malware’s ability to check if it is being run under a real operating system or in a sandbox, allowing it to bypass standard cybersecurity solutions.
To avoid infection and protect equipment from attack by PowerGhost and similar malware, you should carefully monitor the security of corporate networks.
• Always update your software and operating systems.
• Upgrade employee cybersecurity awareness skills.
• Use a reliable cybersecurity solution.
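Because a file-less miner leaves no file on disk to scan, monitoring has to look at process behaviour instead. The sketch below is an added example, not part of the original article or of any vendor's tooling: it triages process-creation records (such as Windows event 4688 or Sysmon event 1) for script hosts started through the WMI provider host and for PowerShell launched with an encoded command or a hidden window. The event field names, host names and sample records are constructed assumptions.

```python
import ntpath
import re

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe",
                "wscript.exe", "cscript.exe", "mshta.exe"}
# PowerShell accepts abbreviated switches: -e, -ec, -enc, -EncodedCommand
ENCODED = re.compile(r"\s-e(c|nc\w*)?\s", re.I)
# -W Hidden, -win hidden, -WindowStyle Hidden
HIDDEN = re.compile(r"\s-w(in\w*)?\s+hidden\b", re.I)

# Constructed sample records; "PLACEHOLDER" stands in for an encoded payload.
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": "notepad.exe report.txt"},
    {"host": "SRV-DB1", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell.exe -NoP -W Hidden -EncodedCommand PLACEHOLDER"},
    {"host": "WS-022", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\backup.ps1"},
    {"host": "SRV-APP2", "parent": r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ipconfig /all"},
]

def assess(event):
    """Return the reasons a process-creation event looks suspicious."""
    parent = ntpath.basename(event["parent"]).lower()
    image = ntpath.basename(event["image"]).lower()
    reasons = []
    # Processes created remotely over WMI run as children of WmiPrvSE.exe.
    if parent == "wmiprvse.exe" and image in SCRIPT_HOSTS:
        reasons.append("script host started through WMI")
    if image in {"powershell.exe", "pwsh.exe"}:
        if ENCODED.search(event["cmdline"]):
            reasons.append("encoded PowerShell command")
        if HIDDEN.search(event["cmdline"]):
            reasons.append("hidden window")
    return reasons

def triage(events):
    """Return (host, severity, reasons) for each event with any reason."""
    findings = []
    for ev in events:
        reasons = assess(ev)
        if reasons:
            severity = "high" if len(reasons) >= 2 else "review"
            findings.append((ev["host"], severity, reasons))
    return findings
```

A single reason is marked "review" rather than "high" because legitimate management software also launches commands through WMI.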
We must say that every device has a significant value that must be protected by at least one cybersecurity solution, like an antivirus. Depending on which OS your device is running, install an antivirus for Windows or an antivirus for Mac for total protection. Companies must take an extra step and hire a professional cybersecurity firm that will run various cybersecurity tests on the company’s network to implement only the best possible cybersecurity solution. Always opt for a package that includes at least a penetration test and an ethical hacking test. For companies that exist 100% online, we recommend using cyber-secured web hosting services.