Originally used by reputed North Korean hackers to attack the global banking sector, the Ratankba downloader trojan has been repurposed into a PowerShell-based variant that appears to be targeting small, non-financial organisations.
With more devices able to connect directly to the web, the IoT is continuously expanding. However, cans of worms are waiting to be opened, including data loss, data manipulation and unauthorised access to devices.
Non-malware-based cyber-attacks were behind the majority of cyber-incidents reported in 2017, despite the proliferation of malware available to both the professional and amateur hacker.
A Windows vulnerability would allow hackers to subvert PowerShell to bypass the UAC, leaving no trace of having accessed the system.
The PowerWare ransomware, which commandeers Microsoft's PowerShell utility to download and run malicious code, now has a variant that mirrors Locky ransomware.
To fly under the radar of security systems, hackers are increasingly using PowerShell, a scripting language inherent in Microsoft systems.
Researchers at FireEye have found that Windows PowerShell, the command-line tool, is vulnerable to two data leaking attacks.