INDUSTRY WATCH

McAfee Q3 2017 Threats Report Infographic . . . continued

the motive was disruption then both campaigns were incredibly effective. We now live in a world in which the motive behind ransomware includes more than simply making money, welcome to the world of pseudo-ransomware.”

The Rise of Script-Based Malware

McAfee researchers also profile the notable increase in script-based malware over the last two years. This Microsoft scripting language (PowerShell) is used to automate administration tasks such as running background commands, checking services installed on the system, terminating processes and managing configurations of systems and servers. Malicious PowerShell scripts usually arrive on a user’s machine through spam emails, gaining a foothold through social engineering rather than software vulnerabilities, and then leveraging the scripts’ capabilities to compromise the system.

The script-based malware trend also includes the weaponisation of JavaScript, VBScript, and other types of non-executable modules using .doc, PDF, .xls, HTML, and other benign standards of personal computing.

Threat Hunting Best Practices

The September report also suggests techniques to help threat hunters spot the presence of adversaries in their environment. Starting with the principles of what McAfee’s Foundstone group calls the ‘three big knows’ (‘know the enemy, know your network, know your tools’), the report offers best practices for hunting for command and control, persistence, privilege escalation, lateral movement, and exfiltration.

“One underlying assumption is that, at every moment, there is at least one compromised system on the network, an attack that has managed to evade the organisation’s preventive security measures,” said Ismael Valenzuela, Principal Engineer, Threat Hunting and Security Analytics at McAfee.

“Threat hunters must quickly find artifacts or evidence that could indicate the presence of an adversary in the network, helping to contain and eliminate an attack before it raises an alarm or results in a data breach.”

www.intelligentcio.com