PowerShell security threats greater than ever, researchers warn

Administrators should upgrade to the latest version of Microsoft PowerShell and enable extended logging and monitoring capabilities in the light of a surge in related security threats, warn researchers.
Microsoft’s Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers, who have seen a surge in associated threats.

hehe

I still think it's a gift from Microsoft to exploiters, that exploit the ones that don't understand computers.

I never could fantasize about an easier tool to infiltrate and steal data from a Windows computer than PowerShell.
It even comes with flags to make it start up invisible.

My only dream is this becomes such a big issue that Microsoft loses business.

1 Like

Hmmm... This article is a little bit of a non-article IMO. Why?

  1. "Set-ExecutionPolicy Restricted" is the Windows default setting for PowerShell.
  2. Companies should not be letting average users have admin accounts on their PCs/laptops. If they do, UAC should be enabled and really the admin privileges should be for a separate account rather than the daily driver account.
  3. When you look through the examples given in the article, PoSH is not really the main attack vector for any of the malware listed, it's just something the malware will try to see if it can use. The main attack vector for two of the attacks is Word macros -- Really, people, are we still falling for that old shit?!?
  4. This just emphasises the point I was making on another thread - if you must run Windows, don't think you are the smart exception and disable all updates.

In short, most of the ways PoSH is being exploited here are the same as Bash could be exploited if you are using Linux and are foolish in how you configure it and allow stuff to run.

Whilst there are still frequent vulnerabilities found in Microsoft software, let's use common sense.... Microsoft try to make their software easy to use and yet people will still ignore/disable the basic safeguards MS put in there... Doh!

Half (50%) of the people at the company I work for have clicked on links to reset passwords in phishing emails. These were test emails sent from the IT dept to gauge user risk. Yes, I'd say people are still complete morons that are hopelessly naive.

2 Likes

I support a non-profit project that provides elderly with Linux-based systems. They click on just about everything they shouldn't be clicking on... until now: 0 problems. Good configuration of email clients and web browsers, restrictive MAC/RBAC configs, automated updates, and reliable repo maintenance of RPM distros offer a pretty amazing safety net. The people who are stuck in a mental rut, who won't adapt to how the world has changed, who are literally less willing to adapt than pensioners, are in my opinion but the rest fraction of applied Darwin.

I don't even bother any more, the only thing that matters to me is:
1. Hold the people that use proprietary malware responsible for their reckless endangerment of others: if they are in any professional capacity causing prejudice to consumers or customers because they are still using unsafe software, or software that is closed source so that they cannot check the security level thereof or have it checked by neutral specialists, then they should pay for the prejudice they cause in doing so. I actively promote suing companies and people like that, and it works remarkably well because of the inverted burden of proof for professionals vis-à-vis consumers in applicable fields.
2. Make sure the stupidity and ignorance of people that continue to use commercial malware in a professional environment, has no impact on the price non-stupid professionals pay for things like insurance. This has also yielded results, in that the software used is now a factor in risk management for several major insurance companies. It would be unfair to make serious people pay for the unserious people, and people that don't take their responsibility as a professional, should pay more because of that.
3. Try to obtain at least certification standards, if possible legislation, that makes it mandatory for professionals to warn users about the dangers of using proprietary software. The ideal situation there would be to have warnings on boxes of products that are infected with proprietary software that span the majority of the packaging surface, like on cigarette packs. It would be unfair to make open source developers pay for the education of the public, and it's impossible to regulate the marketing of the closed source quacks, a very similar situation to the problem of labelling on food/candy/pop... packaging regulation goes a long way there, at least make them admit what's really in the box and what the people are really paying good money for. There is still a long way to go here.

Here, I thought it was just stupid to run unvetted scripts anywhere? Let's copy/paste some random script from the internet in PowerShell.