PowerGhost: The Mining Malware to Watch in 2020

Matthew Lam  Jan 02, 2020 10:00  UTC 02:00


Exclusive Interview with Yeo Siang Tiong, Kaspersky: Part 3 (Links: Part 1 and 2)

In Part 3 of the interview, Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, shared with us the state of cryptocurrency mining malware and said he believes we should watch out for PowerGhost in 2020! Yeo also explained Kaspersky's cybersecurity solutions for quantum computing.

From your observation, which minable cryptocurrency is more vulnerable to attacks from mining malware?

It is not a case of which minable cryptocurrency is more vulnerable to mining malware threats but more of how businesses can safeguard their crypto exchanges and their investors. Especially so for crypto exchanges, they are becoming more attractive for hackers because it is more profitable and less risky to attack them as compared to your traditional financial institutions.

Within the first six months of 2019, the industry has seen seven hacks, the same number of hacking attacks in the whole of 2018. It is relatively easy to hack a crypto-exchange these days. Hackers can now obtain a large number of user API keys and 2FA codes through a variety of techniques such as phishing, viruses and other attacks.

At the same time, there are also issues with vulnerabilities that can be found inside crypto wallets. For example, a crypto investor discovered a vulnerability where the textbox into which you enter your passphrase was implemented via a Chromium browser component. Once you type or paste anything in that textbox, it immediately and discreetly sends it to googleapis.com for a spelling check.

As a result, someone had access to the HTTPS requests and used a passphrase to steal $70K worth of the investor’s crypto assets.

In all, a lack of good cyber hygiene practices among end-users/crypto-businesses, as well as the poor coding of programmes on the blockchain have led to a situation where we are continuing to see the crypto-economy suffer from cyberattacks. Hence, this outlines the need for us to be more proactive when it comes to cybersecurity for the crypto-economy. We need to be more vigilant and also implement the right security protocols which will enhance our cyber-resilience.

Which mining malware are the ones to watch in Q4 2019 and 2020?

Initially, there was a rise in the number of miner-related attacks at the beginning of 2018. However, given that the crypto-economy is undergoing bear market pressure, infection activity has noticeably declined. Nonetheless, the crypto miner threat remains highly current as cyber-criminals continue to find new and sophisticated ways to infect our computers with mining malware.

For example, PowerGhost, a new fileless crypto-miner caught our eye last July with its ability to stealthily establish itself in the system and spread inside large corporate networks, infecting workstations and servers alike. This was done by employing multiple fileless techniques which allow the miner to avoid storing its body directly onto a disk, which increases the complexity of its detection and remediation. The main victims of the attack included corporate users in Brazil, Colombia, India and Turkey.

From our findings, miners gain access to victims’ computers when they download unlicensed content or install pirated software. Hence, the impact of such attacks is more profound in countries with lower levels of overall digital literacy among users, as well as having a poor intellectual property framework. This also suggests that regardless of the form of mining malware that is being distributed in cyberspace, it is important for us to practice good cyber hygiene by avoiding unverified downloads as well as clicking on emails of dubious origin.

What are the solutions for Kaspersky Labs for quantum computing?

The direction of quantum encryption practice isn’t to find ‘one quantum-safe algorithm to rule them all,’ though, as the history of cryptography has shown us that old methods become useless as researchers become smarter. The algorithms being put forward by mathematicians, cybersecurity researchers and quantum computing scientists as quantum-safe standards may, one day, be proven to be not so quantum-safe after all.

However, the uncertainty about the future safety of these new algorithms doesn’t remove the need to make our security standards tighter now based on our knowledge that quantum computing will pose a huge threat to current systems. As emerging technologies reach the market, there is a need to make standards stronger to enable innovators to make the most of these incredible new inventions, as opposed to feeling threatened and missing out on their potential to improve the state of the world.

The cybersecurity industry must be comfortable questioning its confidence in existing methods. It must ensure the traditional, sometimes slow-moving institutions in charge of standards and regulations move more quickly. The industry cannot fall into the trap of assuming quantum computing is still too far away to be a threat to ‘business as usual.’

 


