Microsoft PowerShell Increasingly Exploited By Hackers To Wreak Windows Havoc

Microsoft’s PowerShell scripting language and shell framework is increasingly being used to create malware and exploited as an attack vector by hackers, according to research from cybersecurity firm Symantec.

PowerShell has become the de facto tool for task automation and the configuration on management frameworks in Windows operating systems with deep access to the system’s functions, replacing the old command line function as the default tool with the Windows 10 Creators Edition, due for arrival in 2017.

Given it is PowerShell is often activated by default on Windows machines and has been around for a decade, it is ripe for exploitation by hackers who have had more than enough time to get to grips with the tool.

As such a mass rollout of PowerShell with Windows could put users of Microsoft’s latest operating system under fire from hack attacks and malware making use of the shell framework.

PowerShell problems

PowerShell scripts are frequently used in legitimate administration work. They can also be used to protect computers from attacks and perform analysis,” Symantec’s research, entitled The Increasing use of PowerShell in attacks, explained.

“However, attackers are also working with PowerShell to create their own threats. Of all of the PowerShell scripts analysed through the Blue Coat sandbox, 95.4 percent were malicious. We have seen many recent targeted attacks using PowerShell scripts.

“For example, the Odinaff group used malicious PowerShell scripts when it attacked financial organisations worldwide.

“Common cyber criminals are [using] PowerShell as well, such as the Trojan.Kotver attackers, who used the framework to create a fileless infection completely contained in the registry.”

The versatile nature of PowerShell and its ability to easily access all major functions within a Windows operating system is what has given it the scope to become a pervasive hacker tool, as well as a useful function for system administrators.

PowerShell is also appealing to hackers as its can mask the virtual footsteps of hack attacks through the obfuscation of scripts, though by default such commands leave little traces of their presence, which helps keep cyber attacks exploiting PowerShell from being detected by security software.

Whitepaper: Achieving mission-critical application performance with SQL Server

Depending on the configuration of PowerShell-based cyber attacks, they can also by pass application-whitelisting tools and execute malware payloads directly from memory, making hack attacks stealthier.

Symantec advised that system administrators ensure the keep a close eye on the version of PowerShell they are using and make use of extended monitoring and logging options, which can assist the performance of forensic analysis should a breach happen through the use of PowerShell.

The use of native tools to conduct cyber attacks is worrying as they can be used to seize control of a machine and then execute ransomware attacks to wreak further havoc and force victims to part with money in order to gain back control over their computer and its data.

Quiz: Are you a security pro?

Roland Moore-Colyer

As News Editor of Silicon UK, Roland keeps a keen eye on the daily tech news coverage for the site, while also focusing on stories around cyber security, public sector IT, innovation, AI, and gadgets.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

10 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

13 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

14 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

15 hours ago