WALTHAM, MASS., April 12, 2016 -- Carbon Black®, a leader in Next-Generation Endpoint Security (NGES), today announced the results from its first Unified Threat Research report, which details how PowerShell, a scripting language inherent to Microsoft operating systems, is being exploited by threat actors to launch cyber attacks.
The report outlines how the Carbon Black Threat Research Team, in conjunction with more than two dozen managed security services provider (MSSP) and incident response (IR) security partners, has increasingly seen PowerShell exploitation during cyber attacks, supporting a growing industry trend of malware authors creatively attempting to evade detection by exploiting native tools on operating systems.
The report (available for download here) reveals some of the techniques attackers are using to leverage PowerShell, how the software is being used, what malicious activities are occurring, and what security professionals can do to battle back.
Among the key findings in this report:
- 38% of incidents seen by Carbon Black partners used PowerShell.
- Nearly one-third (31%) of respondents reported receiving no security alerts prior to their investigation of PowerShell-related incidents, indicating that adversaries are successfully using PowerShell to enter and remain undetected in a company's system.
- 87% of the attacks leveraging PowerShell were commodity malware attacks such as click-fraud, fake antivirus, ransomware, and opportunistic malware.
- Social engineering remains the favored technique for delivering PowerShell-based attacks according to interviews with Carbon Black partners.
- 13% of the attacks involving PowerShell appeared to be targeted or "advanced."
"PowerShell is a very powerful tool that offers tremendous benefit for querying systems and executing commands, including on remote machines," said Ben Johnson, Carbon Black's chief security strategist. "However, more recently we're seeing bad guys exploiting it for malicious purposes because it falls under the radar of traditional endpoint security products."
Partners directly interviewed for this report were: BTB Security, EY (formerly Ernst & Young), Kroll, Optiv, Rapid7 and Red Canary. Twenty-eight Carbon Black partners provided details for the survey we conducted in February 2016.
The report details a specific PowerShell-related case study from Red Canary, an MSSP partner. The case study details a recent example of PowerShell being used to steal credentials via reflective DLL injection.
Recently, the Carbon Black Threat Research Team issued a threat advisory on "PowerWare," a new variant of ransomware that targets organizations via Microsoft Word and PowerShell.
About the Report
In the first quarter of 2016, Carbon Black collaborated with more than two dozen of its IR and MSSP partners to understand how PowerShell is being used for malicious purposes. The data collected comes from direct conversations and a survey, representing more than 1,100 investigations conducted during 2015. The Carbon Black Security Partner Program is the largest of its kind, providing next-generation endpoint security services to countries worldwide. The program includes more than 70 MSSP and IR partners who leverage the Carbon Black Security Platform to help their global customers disrupt, defend and unite in combating today's new breed of cyber-attacks.
About Carbon Black
Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs and enterprises to shift the balance of power back to security teams. Only Carbon Black continuously records and centrally retains all endpoint activity, making it easy to track an attacker's every action, instantly scope every incident, unravel entire attacks and determine root causes. Carbon Black also offers a range of prevention options so organizations can match their endpoint defense to their business needs. Forward-thinking companies choose Carbon Black to arm their endpoints, enabling security teams to: Disrupt. Defend. Unite™.
Carbon Black is a registered trademark of Carbon Black, Inc. All other company or product names may be the trademarks of their respective owners.
CONTACT: Kevin Flanagan
Carbon Black
+1 781-856-2589
Kristina LeBlanc
The Medialink Group
+1 508 930-5636





