Are You Protected? PowerShell-Based Malware

PowerShell is being used as an attack avenue for malware. Here's what you should do to insulate yourself against this latest threat.

There has been a reported increase in PowerShell-based malware over the last few weeks. The popular and powerful scripting language is installed on all Windows machines, and therefore makes an attractive avenue for malware.

Some other reasons PowerShell is being used by attackers include:

  • PowerShell logging is disabled by default, meaning attacks fly under the radar
  • It’s possible to execute directly from memory, allowing for file-less malware delivery
  • Since PowerShell is a trusted application, it is often overlooked by the security stack
  • PowerShell provides unrestricted access to Windows APIs

These factors have obviously awakened the interest of many attackers. However, there are some moves you can make to insulate yourself against this threat.

  1. Update PowerShell: Make sure the newest version of the Windows Management Framework is running on all machines.
  2. Enable and Configure PowerShell Logging: By default, PowerShell logging is disabled. Configure your systems to log every PowerShell command that is executed and incorporate these logs into your security workflow.
  3. Deploy Policies: Only allow tested, pre-approved scripts to be used in your environment
  4. Back Up Your Data: Make sure your data is protected in case an attack makes its way through your defenses. Remember, backing up only works if you do it before the disaster happens, so think (and act) ahead!
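
As an added example (not part of the original article), the following PowerShell applies step 2 on a single machine: it turns on Script Block logging, Module logging and Transcription through the same registry values that the Group Policy templates set, then runs a marker command in a child process and checks that it shows up as an Event ID 4104 entry. The transcript folder `C:\PSTranscripts` is an assumed path; in a domain you would push the equivalent Group Policy settings instead.

```powershell
# Run from an elevated (Administrator) PowerShell session.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell'

function Set-PolicyDword {
    param([string]$Key, [string]$Name, [int]$Value)
    if (-not (Test-Path $Key)) { New-Item -Path $Key -Force | Out-Null }
    New-ItemProperty -Path $Key -Name $Name -Value $Value -PropertyType DWord -Force | Out-Null
}

# 1. Script Block Logging: records the content of every executed script block
#    as Event ID 4104 in Microsoft-Windows-PowerShell/Operational.
Set-PolicyDword "$base\ScriptBlockLogging" 'EnableScriptBlockLogging' 1

# 2. Module Logging for all modules ("*"): records pipeline execution details (Event ID 4103).
Set-PolicyDword "$base\ModuleLogging" 'EnableModuleLogging' 1
$modKey = "$base\ModuleLogging\ModuleNames"
if (-not (Test-Path $modKey)) { New-Item -Path $modKey -Force | Out-Null }
New-ItemProperty -Path $modKey -Name '*' -Value '*' -PropertyType String -Force | Out-Null

# 3. Transcription: writes a text transcript of every session to a folder.
#    Assumed path; in production point it at a write-only, centrally collected share.
$transcriptDir = 'C:\PSTranscripts'
Set-PolicyDword "$base\Transcription" 'EnableTranscripting' 1
New-ItemProperty -Path "$base\Transcription" -Name 'OutputDirectory' -Value $transcriptDir `
    -PropertyType String -Force | Out-Null

# Verify: only new PowerShell processes pick up the policy, so run a unique marker
# command in a child process and look for it among the 4104 events.
$marker = 'Write-Output LoggingCheck-' + [guid]::NewGuid().ToString('N')
powershell.exe -NoProfile -Command $marker | Out-Null
Start-Sleep -Seconds 2   # give the event log a moment to flush

$events = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents 200 -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$marker*" }

if ($events) {
    "Script block logging is active: $($events.Count) matching 4104 event(s) found."
} else {
    'No matching 4104 event found; confirm the policy applied and the Operational log is enabled.'
}
```

Feed the Microsoft-Windows-PowerShell/Operational log (and the transcript folder) into your SIEM so that the events this enables actually reach the security workflow mentioned in step 2.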