Malware Created with Microsoft PowerShell Is on the Rise
Microsoft's PowerShell task automation framework is becoming one of the most popular tools for coding and enhancing malware, a Carbon Black study has discovered.
Aggregating data from over 1,100 separate investigations from 20 security firms, Carbon Black says that PowerShell was used in 38 percent of all the attacks they analyzed.
Respondents said that, in 31 percent of all the situations, their clients reported not receiving any warnings about the ongoing attacks.
PowerShell, a favorite tool for targeted attacks and commodity malware
In 87 percent of cases, the PowerShell malware was part of a shotgun approach, while for the rest, the malware was part of a targeted attack, specific to hacker groups and state-sponsored actors.
By shotgun approach malware, we mean common malware such as ransomware, click fraud bots, and other threats where the attacker doesn't care whom they infect as long as they infect someone.
Carbon Black claims that over half of these incidents were related to Vawtrak, a banking trojan that heavily uses PowerShell in its source code.
Respondents said that, most of the time, the PowerShell-based malware was distributed via social engineering techniques and that it targeted mostly corporate networks and financial data, aiming to steal information or disrupt services.
Detecting PowerShell malware is as impractical as banning PowerShell
Because PowerShell is a ubiquitous technology within the Windows ecosystem, detecting PowerShell-based malware is almost impossible, since there's no technical method of distinguishing between good and malicious PowerShell source code.
For this reason, and because toolkits like PowerSploit, PowerShell Empire, p0wnedShell, and the Social-Engineer Toolkit are making it easier to use PowerShell exploits out of the box, security researchers expect PowerShell to become a prevalent technology in malware design.
As for blocking PowerShell, security researchers say this is impractical. "Unlike other common technologies such as Java and Adobe Flash, which IT administrators can more easily remove or ban, many organizations and applications rely on PowerShell to manage their critical systems."
One of the most recent PowerShell-based malware families is the PowerWare ransomware.
More intricate details are offered in Carbon Black's 'PowerShell' Deep Dive report, available for download.
