Threat Insight: PowerShell Suspicious Scripting
For years, organizations and IT professionals have turned to Microsoft’s PowerShell for its efficiency and ease of use.
It provides a well-integrated command-line experience for the operating system, and a simple way to manipulate server and workstation components. PowerShell is often treated as more secure than most other scripting languages, and sometimes even as a ‘trusted’ application by security software and administrators.
Unfortunately, it has become increasingly common for cybercriminals to leverage PowerShell as a springboard into your organization and beyond. This abuse of legitimate tools like PowerShell is not new, but it is on the rise as cybercriminals find new ways to use these tools in combination with other tactics and techniques.