Businesses beware: New cryptomining malware infects corporate networks worldwide
What's the story
In the latest instance of cryptojacking, researchers from Kaspersky Lab have found a new cryptomining malware that is spreading itself across corporate networks worldwide.
The file-less malware, dubbed PowerGhost, infects everything from workstations to entire server farms, and has been spreading on corporate networks in India, Brazil, Colombia, and Turkey, among others.
Here's all you need to know about it.
PowerGhost
What is PowerGhost and how does it operate?
PowerGhost uses a system's native processes to hijack a computer.
Once a computer is infected, a script downloads the mining tool, which diverts a portion of the infected hardware's processing power to solve complex computational problems and mine an unknown cryptocurrency for the attacker(s).
Additionally, PowerGhost launches copies of itself to infect all systems on the network.
Since it is file-less, detection becomes difficult.
Why corporates?
Attacking corporates can help mine large volumes of cryptocurrency
The intent behind PowerGhost is rather simple.
By hijacking a large network of corporate workstations or servers, and using their processing power, PowerGhost can mine a large amount of cryptocurrency.
Simply put, the more machines that are infected, the more illicit money the attacker makes.
Additionally, with cryptojacking malware already being difficult to detect, attacking corporates ensures that the large amounts of data on their networks obfuscate the malware.
Protection
What you can do to protect your systems from infection
Unfortunately, there's not a lot you can do to prevent infection.
Researchers recommend keeping software patched and up-to-date to prevent miners like PowerGhost from exploiting system vulnerabilities.
Additionally, organizations should also not overlook less obvious targets like POS terminals, vending machines, and queue management systems - cryptominers don't need much power to operate, and can thus also exploit these often-forgotten, low-powered systems.
Incidence
India and Brazil are the worst affected by PowerGhost
The latest information on PowerGhost indicates that at least 200-290 systems have been infected in India and Brazil, making these two countries the two hotspots for PowerGhost.
Following India and Brazil are Turkey and Colombia, with at least 110-200 infections.
Mexico, Peru, and Ecuador are expected to have at least 49-110 infections.
The malware has also been spotted in North America, Europe, and Africa.
Implications
PowerGhost signals a shift in cybercriminals' targets
The discovery of PowerGhost, however, has important implications for the cybercrime scene.
By targeting corporates, PowerGhost has signalled a break from the usual practice of targeting consumers. The reason? It's simply more profitable to target organizations with large computer networks.
Thus, it's unlikely that PowerGhost will be the last cryptomining malware aimed at businesses, and it would be prudent to expect more such malware.
Quote
Cryptojacking might become a huge threat to businesses soon
"The miner we examined indicates that targeting consumers is not enough for cybercriminals anymore - threat actors are now turning their attention to enterprises too. Cryptocurrency mining is set to become a huge threat to the business community," Kaspersky Lab researcher David Emm told ZDNet.