The past 12 months have seen a precipitous increase in attacks that leverage native Windows utilities. According to the latest McAfee Labs Threats Report, approximately 25,000 such samples were detected per quarter in 2015. Given the false negative rate associated with malware detection software, we can infer that the actual number is far higher. Among these utilities, PowerShell has provided actors with a full-featured scripting environment and interactive shell from which they can gain execution and persist, often while avoiding detection.
During this webinar, we will:
- Explain why traditional security tools are severely outmatched against PowerShell-based threats
- Share multiple threats that Red Canary has detected in the wild and highlight some of the commonalities that we have observed
- Provide you with criteria to aid in your search for suspicious PowerShell activity
- Demonstrate how Carbon Black can identify and disrupt malicious PowerShell activity