Το PowerShell ήταν η πηγή περισσότερων από το ένα τρίτο των κρίσιμων κενών ασφαλείας που εντοπίστηκαν το δεύτερο εξάμηνο του 2020, σύμφωνα με μια research by Cisco announced today at an RSA conference.
The top threat category identified across all Cisco Secure Endpoints were dual-use tools used for both exploitation and post-exploitation work.
PowerShell Empire, Cobalt Strike, PowerSploit, Metasploit and other similar tools have legal uses, Cisco said in its research, but they have also become tools commonly used by intruders. Such practices are used to avoid detection when running foreign tools or code for system breaches.
"According to Cisco Research, PowerShell is the source of more than a third of critical threats," says Gedeon Hombrebueno, Cisco Secure Endpoint Security Product Manager.
Cisco suggests some steps protectionς που φυσικά, διευκολύνονται με το Cisco Secure Endpoint, αλλά και μερικά άλλα εργαλεία EDR (από το endpoint detection and response).
However, there are some steps that administrators can (and should) take completely free of charge, such as preventing or restricting the execution of PowerShell on accounts outside the administrator by allowing only signed scripts to be executed and the Constrained Language function to be used.
You can read detailed instructions for protecting PowerShell in the following white paper or try it PowerShell Protect
Intel Insights: How to Secure PowerShell