{"id":11121,"date":"2018-08-20T14:52:57","date_gmt":"2018-08-20T04:52:57","guid":{"rendered":"https:\/\/www.backupassist.com\/blog\/?p=11121"},"modified":"2018-08-20T14:52:57","modified_gmt":"2018-08-20T04:52:57","slug":"latest-threat-powershell-based-malware","status":"publish","type":"post","link":"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware","title":{"rendered":"Are You Protected? Powershell-Based Malware"},"content":{"rendered":"<p>There has been a reported increase in PowerShell-based malware over the last few weeks. The popular and powerful scripting language is installed on\u00a0all Windows machines, and therefore makes an attractive avenue for malware.<\/p>\n<p><strong>Some other reasons PowerShell is being used by attackers include:<\/strong><\/p>\n<ul>\n<li>PowerShell logging is disabled by default, meaning attacks fly under the radar<\/li>\n<li>It&#8217;s possible to execute directly from memory, allowing for file-less malware delivery<\/li>\n<li>Since PowerShell is a trusted application, it is often overlooked by the security stack<\/li>\n<li>PowerShell provides unrestricted access to Windows APIs<\/li>\n<\/ul>\n<p><strong>These factors have obviously awakened the interest of many attackers.<\/strong> However, there are some moves you can make to insulate yourself against this threat.<\/p>\n<ol>\n<li><strong>Update PowerShell:<\/strong> Make sure the newest version of the Windows Management Framework is running on all machines.<\/li>\n<li><strong>Enable and Configure PowerShell Logging<\/strong>: By default, PowerShell logging is disabled. 
Configure the systems to log any PowerShell command that is being executed and incorporate these logs into your security workflow.<\/li>\n<li><strong>Deploy Policies:\u00a0<\/strong>Only allow tested, pre-approved scripts to be used in your environment.<\/li>\n<li><strong>Back Up Your Data:<\/strong>\u00a0Make sure your data is protected in case an attack makes its way through your defenses. Remember, backing up only works if you do it before the disaster happens, so think (and act) ahead!<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>PowerShell is being used as an attack avenue for malware. Here&#8217;s what you should do to insulate yourself against this latest threat.<\/p>\n","protected":false},"author":3,"featured_media":11141,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[23],"tags":[634,388,705],"class_list":["post-11121","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-featured","tag-malware","tag-powershell"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Are You Protected? Beware of Powershell-Based Malware<\/title>\n<meta name=\"description\" content=\"PowerShell is being used as an attack avenue for malware. Here&#039;s what you should do to insulate yourself against this latest threat.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Are You Protected? 
Beware of Powershell-Based Malware\" \/>\n<meta property=\"og:description\" content=\"PowerShell is being used as an attack avenue for malware. Here&#039;s what you should do to insulate yourself against this latest threat.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Resilience Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-08-20T04:52:57+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/08\/iStock-518177506.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1859\" \/>\n\t<meta property=\"og:image:height\" content=\"1612\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Adam Ipsen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Adam Ipsen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\"},\"author\":{\"name\":\"Adam Ipsen\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\"},\"headline\":\"Are You Protected? 
Powershell-Based Malware\",\"datePublished\":\"2018-08-20T04:52:57+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\"},\"wordCount\":217,\"commentCount\":1,\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/08\/iStock-518177506.jpg\",\"keywords\":[\"featured\",\"malware\",\"powershell\"],\"articleSection\":[\"News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\",\"url\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\",\"name\":\"Are You Protected? Beware of Powershell-Based Malware\",\"isPartOf\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/08\/iStock-518177506.jpg\",\"datePublished\":\"2018-08-20T04:52:57+00:00\",\"description\":\"PowerShell is being used as an attack avenue for malware. 
Here's what you should do to insulate yourself against this latest threat.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#primaryimage\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/08\/iStock-518177506.jpg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2018\/08\/iStock-518177506.jpg\",\"width\":1859,\"height\":1612,\"caption\":\"Illustration and Painting\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/latest-threat-powershell-based-malware#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.backupassist.com\/blog\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Are You Protected? 
Powershell-Based Malware\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#website\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"name\":\"Cyber Resilience Blog\",\"description\":\"Protect Your Cloud Data with BackupAssist\",\"publisher\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.backupassist.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#organization\",\"name\":\"Cyber Resilience Blog\",\"url\":\"https:\/\/www.backupassist.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"contentUrl\":\"https:\/\/www.backupassist.com\/app\/uploads\/sites\/3\/2019\/09\/BA-Logo-Full-Logo.svg\",\"caption\":\"Cyber Resilience Blog\"},\"image\":{\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/7a3a759eceffd2e597d435c34ed3519d\",\"name\":\"Adam Ipsen\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.backupassist.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d1cb7aaf3e3a12c73b037ce2cd62192517634d57a26edc34ff6b01f40fce1a50?s=96&d=mm&r=g\",\"caption\":\"Adam Ipsen\"},\"url\":\"https:\/\/www.backupassist.com\/blog\/author\/adam-ipsen\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","_links":{"self":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/11121","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/comments?post=11121"}],"version-history":[{"count":0,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/posts\/11121\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media\/11141"}],"wp:attachment":[{"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/media?parent=11121"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/categories?post=11121"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.backupassist.com\/blog\/wp-json\/wp\/v2\/tags?post=11121"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}