Ghost Miner Detection and Protection with SentinelOne

Aviram Shmueli, Director of Product Management, SentinelOne • Apr 12, 2018
SentinelOne protection and detection

Crypto-miners are becoming alarmingly widespread. In fact, a new, sophisticated miner was recently discovered. The miner, named GhostMiner, uses advanced techniques copied from the malware world.

For example, it uses the PowerShell framework built into Windows to run in file-less mode. This technique is popular with malware because it allows the code to run completely from memory, leaving no trace on the file system. As a result, GhostMiner is less susceptible to detection by conventional anti-malware solutions. Furthermore, GhostMiner tries to spread across the environment: it scans random IP addresses, looking to attack servers running MSSQL, Oracle WebLogic and phpMyAdmin.

GhostMiner also uses a hard-coded blacklist to hunt down and kill competing miners on the victim machine. This kind of behaviour has been observed before and is not completely new, but it gives us a closer look at the author's nefarious intentions.

The good news is that SentinelOne protects against GhostMiner. With its unique machine learning techniques, SentinelOne technology detects the miner's behavioural patterns and prevents it from running.

The SentinelOne agent detects the lateral movement and the use of file-less PowerShell-based malware, as shown in the SentinelOne console. It then mitigates the threat by killing the malicious process. All of that is done in a few milliseconds.

Altiatech is a trusted SentinelOne partner. To find out more about SentinelOne, please contact innovate@altiatech.com
