PowerShell was the source of more than a third of the critical security threats detected on endpoints in the second half of 2020, according to Cisco research released today at the RSA Conference.
The top class of threats detected across Cisco Secure Endpoint was dual-purpose tools, used both for exploitation and for post-exploitation tasks.
PowerShell Empire, Cobalt Strike, PowerSploit, Metasploit and similar tools have legitimate uses, Cisco says in its research, but they have also become standard attacker tooling. Such dual-use tooling lets attackers run third-party tools or code on a compromised system while avoiding detection.
"According to Cisco's research, PowerShell is the source of more than a third of critical threats," says Gedeon Hombrebueno, Endpoint Security Product Manager at Cisco Secure.
Cisco recommends a set of protection steps that, naturally, are easiest to carry out with Cisco Secure Endpoint, but can also be implemented with other EDR (endpoint detection and response) tools.
There are, however, steps that administrators can (and should) take at no cost: preventing or restricting PowerShell execution for non-administrator accounts, allowing only signed scripts to run, and using Constrained Language mode.
Detailed instructions for protecting PowerShell are in the following white paper, or you can try PowerShell Protect:
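As an added example (not code from Cisco, the article, or the white paper), the script below applies the three free steps on Windows PowerShell 5.1 and then audits the result. It also closes the PowerShell 2.0 downgrade path and turns on script block logging, which go slightly beyond the three steps but are what makes the restrictions hold and the remaining activity visible to an EDR. The group that is blocked (BUILTIN\Users, SID S-1-5-32-545), the location of a code-signing certificate in Cert:\CurrentUser\My, and the path C:\Scripts\Deploy.ps1 are assumptions; adjust them to your environment and run the script from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example, not code from Cisco or from the "Intel Insights" white paper.
# Applies: (1) signed scripts only, (2) Constrained Language mode,
# (3) no PowerShell for non-administrators, then audits the result.

$DeniedGroupSid = 'S-1-5-32-545'          # assumption: BUILTIN\Users; admins who are ALSO in Users get blocked too
$ScriptToSign   = 'C:\Scripts\Deploy.ps1' # assumption: a script that must keep running under AllSigned

# 1. Only signed scripts may run. Execution policy is a guard rail, not a security
#    boundary (powershell.exe -ExecutionPolicy Bypass overrides it), which is why it is
#    combined with the AppLocker rule in step 3 rather than relied on alone.
Set-ExecutionPolicy -ExecutionPolicy AllSigned -Scope LocalMachine -Force

# 2. Constrained Language mode for every new session. The __PSLockdownPolicy machine
#    variable is the quick way to enable it and to test what it breaks; it applies to
#    administrators too and can be cleared by anyone who can edit machine variables.
#    AppLocker or WDAC in enforce mode applies Constrained Language automatically and
#    is the mechanism to use for real enforcement.
[Environment]::SetEnvironmentVariable('__PSLockdownPolicy', '4', 'Machine')

# 3. Restrict PowerShell for non-administrators with AppLocker deny rules. AppLocker
#    evaluates deny rules before allow rules, so these win over the default rule that
#    lets Everyone run anything under %WINDIR%. Both 64-bit and 32-bit hosts are covered.
$paths = @(
    '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell.exe',
    '%WINDIR%\System32\WindowsPowerShell\v1.0\powershell_ise.exe',
    '%WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell.exe',
    '%WINDIR%\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe'
)
$rules = foreach ($p in $paths) {
@"
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny PowerShell host for non-admins" Description="$p" UserOrGroupSid="$DeniedGroupSid" Action="Deny">
      <Conditions><FilePathCondition Path="$p" /></Conditions>
    </FilePathRule>
"@
}
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
$($rules -join "`n")
  </RuleCollection>
</AppLockerPolicy>
"@
$policyPath = Join-Path $env:TEMP 'deny-powershell.xml'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8
# AppLocker is enforced by the Application Identity service. On current Windows 10/11
# builds its start type is protected and must be changed with sc.exe, not Set-Service.
sc.exe config appidsvc start= auto | Out-Null
Start-Service AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge   # -Merge keeps the rules already in place

# Close the downgrade hole: the PowerShell 2.0 engine ignores Constrained Language mode
# and script block logging, so remove the optional feature where it is still installed.
Disable-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root -NoRestart | Out-Null

# Detection side: script block logging (event ID 4104) records the de-obfuscated code
# that actually ran, which is what lets an EDR or SIEM spot Empire or PowerSploit modules.
$sbl = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\ScriptBlockLogging'
New-Item -Path $sbl -Force | Out-Null
Set-ItemProperty -Path $sbl -Name EnableScriptBlockLogging -Value 1 -Type DWord

# Sign the assumed deployment script so it still runs under AllSigned.
$cert = Get-ChildItem Cert:\CurrentUser\My -CodeSigningCert | Select-Object -First 1
if ($cert -and (Test-Path $ScriptToSign)) {
    Set-AuthenticodeSignature -FilePath $ScriptToSign -Certificate $cert `
        -TimestampServer 'http://timestamp.digicert.com' | Out-Null
}

# Audit: what an administrator or an EDR compliance check should see afterwards.
function Test-PowerShellHardening {
    $effective = Get-AppLockerPolicy -Effective -Xml
    [pscustomobject]@{
        ExecutionPolicy     = Get-ExecutionPolicy -Scope LocalMachine                       # AllSigned
        LockdownPolicy      = [Environment]::GetEnvironmentVariable('__PSLockdownPolicy', 'Machine')  # 4
        ThisSessionLanguage = $ExecutionContext.SessionState.LanguageMode                   # still FullLanguage here; new sessions get ConstrainedLanguage
        PowerShellV2        = (Get-WindowsOptionalFeature -Online -FeatureName MicrosoftWindowsPowerShellV2Root).State
        ScriptBlockLogging  = (Get-ItemProperty -Path $sbl -Name EnableScriptBlockLogging).EnableScriptBlockLogging
        AppLockerDeniesPS   = ($effective -like '*powershell.exe*') -and
                              ($effective -like "*UserOrGroupSid=`"$DeniedGroupSid`" Action=`"Deny`"*")
        SignatureStatus     = if (Test-Path $ScriptToSign) { (Get-AuthenticodeSignature -FilePath $ScriptToSign).Status } else { 'n/a' }
    }
}
Test-PowerShellHardening | Format-List
```

Verify the deny rule from a non-admin account before rolling it out with Group Policy: `powershell.exe` should fail to start with an AppLocker error, while an administrator's session still opens. Because the AppLocker rule is keyed on a group SID, put administrative accounts in a group that is not the denied one, or scope the policy to non-admin OUs; otherwise the deny wins for admins as well.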
Intel Insights: How to Secure PowerShell