04-14-2016 , 02:13 PM
PowerShell, a scripting language inherent to Microsoft operating systems, is largely used to launch cyber-attacks, a new report suggests.
The Unified Threat Research report, released by next-generation endpoint security (NGES) firm Carbon Black, says that 38 percent of incidents reported by Carbon Black partners used PowerShell.
During investigations last year, 68 percent of the company’s responding partners encountered PowerShell, and almost a third (31 percent) reported getting no security alerts before the investigation of incidents related to the scripting language.
The majority of attacks (87 percent) were clic-fraud, fake antivirus programs and ransomware, but social engineering techniques are still the favorite.
"PowerShell is a very powerful tool that offers tremendous benefit for querying systems and executing commands, including on remote machines", said Ben Johnson, Carbon Black’s chief security strategist and cofounder.
"However, more recently we’re seeing bad guys exploiting it for malicious purposes it because it falls under the radar of traditional endpoint security products. This often causes tension between the IT and security professionals. PowerShell gives the bad guys a lot of power because it’s part of the native Windows operating system, which makes it difficult for security teams. On the other hand, PowerShell helps IT guys automate various tasks. The two departments need to come together and strike a balance between IT automation and security".
source