Reply to post: Re: Editorial question

Who needs malware? IBM says most hackers just PowerShell through boxes now, leaving little in the way of footprints

Anonymous Coward

Re: Editorial question

Trying to do the math:

29% - phishing attacks of which 45% (13% overall) were "business email compromise"

43% - unsecured public facing systems

At this point, I still don't know what proportion of attacks used PowerShell, so I read the IBM press release and get:

"More than half of cyberattacks (57 percent) leveraged common administration applications like PowerShell and PsExec to evade detection". Only now I'm at almost 140% of attacks, so I assume there is some overlap, and if a large chunk of that is unsecured public facing systems, then the answer is likely the convenience of PowerShell vs bring your own tools that might trip AV scanners.

Assuming good practices are followed (privilege separation between user and any administrative accounts, LAPS for administrative access to workstations, regular password changes for administrative user accounts/widely used service accounts on workstations, disabling cached credentials where possible, patching, web access filtering, local AV/malware prevention), has there been an actual rise in attacks/successful attacks because of PowerShell/PsExec?
