The PowerShell scripting language that runs behind the scenes of every Windows based PC is also one of the tools most favored by hackers. In a new report, it’s been discovered that more than a third of security incidents reported use PowerShell in some way to facilitate the breach.
PowerShell is, as Microsoft describes it, a “task automation and configuration management framework,” built upon the .NET Framework, that facilitates the simplistic management of systems. That’s all well and good, but it’s that power and ease of use which makes it so versatile and useful for nefarious individuals.
This news comes out of a new United Threat Research report from Carbon Black. It cites research that suggests 38 percent of incidents reported to the security firm utilized PowerShell in some form or another. Spread that net further to Carbon Black’s partners, and the number jumps to 68 percent of system breaches having some PowerShell involvement.
Perhaps the most worrying aspect of this report though, is that it discovered 31 percent of all reported incidents involving PowerShell drummed up no security alerts before the threat was discovered.
Part of the reason for that is because PowerShell is most often utilized in some form of computer fraud, whether it’s in the creation of a phony anti-virus programs, or similar pieces of traditionally trustworthy software. It’s also commonly involved in the generation of fake login screens to try and capture user details through phishing and social engineering.
Unfortunately, as Carbon Black’s chief security strategist, Ben Johnson, explained, this isn’t likely to change any time soon. Because PowerShell is so fundamental to the framework of many PCs as we know them, and allows for the simplistic automation of tasks, nobody really wants to curtail its usage, or impair its abilities. We need to “strike a balance between IT automation and security,” said Johnson in a statement. But that balance will be hard to find.