Cisco: Be careful when using PowerShell

PowerShell was the source of more than a third of the critical security vulnerabilities identified in the second half of 2020, according to a Cisco survey released today at an RSA conference.


The top class of threats detected across Cisco Endpoint was dual-use tools, which are used for exploitation work but also after exploitation.

PowerShell Empire, Cobalt, PowerSploit, and other similar tools have legitimate uses, Cisco says in its research, but they have also become common tools used by attackers. Attackers use them to avoid detection when running foreign tools or code to compromise systems.

"According to Cisco Research, PowerShell is the source of more than a third of critical threats," says Gedeon Hombrebueno, Cisco Secure Endpoint Security Product Manager.

Cisco offers some protection steps that, of course, are facilitated by Cisco Secure Endpoint, but also by some other EDR (endpoint detection and response) tools.

However, there are some steps that administrators can (and should) take completely free of charge, such as preventing or restricting PowerShell execution for non-administrator accounts, allowing only signed scripts to run, and using Constrained mode.
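As an added example (not part of the original article or of Cisco's white paper), the following read-only PowerShell function reports where a host stands on the three steps above: the effective execution policy, the session language mode, and any scripts without a valid signature. The function name and the folder `C:\AdminScripts` are assumptions made for illustration.

```powershell
# Added example: read-only audit of the three free hardening steps.
# Get-PowerShellHardeningReport and C:\AdminScripts are hypothetical names.
function Get-PowerShellHardeningReport {
    [CmdletBinding()]
    param(
        [string]$ScriptRoot = 'C:\AdminScripts'   # assumption: where admin scripts live
    )

    # Step 1: is this session running with administrator rights?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [Security.Principal.WindowsPrincipal]::new($identity)
    $isAdmin   = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Step 2: execution policy. List every scope, because a Group Policy
    # scope (MachinePolicy/UserPolicy) overrides LocalMachine and CurrentUser.
    $scopes    = Get-ExecutionPolicy -List
    $effective = Get-ExecutionPolicy          # the policy actually in force

    # Step 3: language mode of the current session
    # (FullLanguage, ConstrainedLanguage, RestrictedLanguage or NoLanguage).
    $mode = $ExecutionContext.SessionState.LanguageMode

    # Scripts under $ScriptRoot that AllSigned would refuse to run:
    # anything whose Authenticode status is not 'Valid'
    # (NotSigned, HashMismatch, NotTrusted, ...).
    $unsigned = @()
    if (Test-Path -LiteralPath $ScriptRoot) {
        $unsigned = @(Get-ChildItem -LiteralPath $ScriptRoot -Filter *.ps1 -Recurse -File |
            Get-AuthenticodeSignature |
            Where-Object Status -ne 'Valid' |
            Select-Object Path, Status)
    }

    [pscustomobject]@{
        RunningAsAdmin      = $isAdmin
        EffectivePolicy     = $effective
        SignedScriptsOnly   = ($effective -eq 'AllSigned')
        PolicyByScope       = $scopes
        LanguageMode        = $mode
        ConstrainedLanguage = ($mode -eq 'ConstrainedLanguage')
        ScriptsFailingCheck = $unsigned
    }
}

# Run once per host and review the result.
Get-PowerShellHardeningReport | Format-List
```

Microsoft documents execution policy as a safety feature rather than a security boundary, so pair `AllSigned` with application control (AppLocker or Windows Defender Application Control), which is what enforces Constrained Language mode system-wide.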

You can read detailed instructions for protecting PowerShell in the following white paper, or try PowerShell Protect.

Intel Insights: How to Secure PowerShell


Written by giorgos
