Slashdot Mirror


PowerShell Security Threats Greater Than Ever, Researchers Warn (computerweekly.com)

Microsoft's Windows PowerShell configuration management framework continues to be abused by cyber attackers, according to researchers at Symantec, who have seen a surge in associated threats. From a report on ComputerWeekly: More than 95% of PowerShell scripts analysed by Symantec researchers have been found to be malicious, with 111 threat families using PowerShell. Malicious PowerShell scripts are on the rise, as attackers are using the framework's flexibility to download their payloads, traverse through a compromised network and carry out reconnaissance, according to Candid Wueest, threat researcher at Symantec.

3 of 129 comments

  1. Well... by The-Ixian · · Score: 4, Insightful

    Good thing MS had the foresight to make sure that non-signed PS scripts aren't executable by default.

    Of course... sysadmins generally disable that restriction just like they turn off UAC... MS makes a security measure and people disable it and then complain that MS is so insecure.

    But then Linux is insecure in a lot of the same ways... it's only as secure as the weakest link... which is generally the apps running on it.

    --
    My eyes reflect the stars and a smile lights up my face.
  2. Re:Replacing CMD by houstonbofh · · Score: 4, Insightful

    Or, to rephrase, powerful tools are powerful tools. The main reason PowerShell can do more damage is because it can do more stuff.

  3. Well duh by Billly Gates · · Score: 4, Insightful

    When you run PowerShell as an admin it can do bad things. Who would have thought? I wonder if Linux is vulnerable if someone is logged in as root?

    PowerShell is not enabled with an execution policy by default. It has to be enabled and most people do not even know what it is so this is no threat? At work we have a GPO that blocks PowerShell for any non AD admin.