Short Bytes: You might not know it, but PowerShell, the ubiquitous force running behind the Windows environment, is slowly becoming a safe way for attackers to hide their malicious activities. Unfortunately, at the moment, there’s no technical method of distinguishing between malicious and good PowerShell source code.
A new report has found that more than one-third of security breaches involved the use of PowerShell in some way or other.
If you don’t know much about PowerShell, it’s a task automation and configuration management framework. Because it’s built upon the .NET Framework, it makes managing systems simpler. That same ease of use also makes the PowerShell framework useful for malicious purposes.
According to the study by the Carbon Black Threat Research Team and other partners, PowerShell exploitation is on the rise. The data from more than 1,100 separate investigations from 20 security firms indicates that PowerShell was used in 38 percent of all attacks.
PowerShell: Hackers’ new favorite tool to write viruses
In its report, Carbon Black describes several techniques attackers use to gain access to organizations’ endpoints through PowerShell. It notes that in about 31 percent of all situations, the clients were unaware of the ongoing attacks because they didn’t receive any warning.
About 87 percent of the attacks that leveraged PowerShell were commodity malware attacks such as fake antivirus, click fraud, and ransomware. Out of the total attacks, 13 percent appeared to be of an advanced level.
Unfortunately, this scenario isn’t going to change anytime soon, as PowerShell is the fundamental framework of many PCs and there’s no technical method of distinguishing between malicious and good PowerShell source code.
For more details, go ahead and take a look at Carbon Black’s PowerShell Deep Dive report.