Cylance vs. Malicious Scripts

Background

Malicious scripts have been and will continue to be one of the most effective ways to deliver malware to end user’s computers. Attackers continue to prey on the weakness of humans, tricking them into opening weaponized documents.

Often appearing benign in nature – for example, requesting that you enable macros to view the contents of a “secured” document; more often than not, these documents will quickly infect your computer with some sort of nasty malware.

Watch CylancePROTECT® take on malicious scripts in our video:

VIDEO: Cylance vs. Malicious Scripts

Why are Malicious Scripts an Important Issue and Why Should I Be Concerned?

Whether it’s a new weaponized document designed to deliver the latest variant of Locky, a vast number of other ransomware, or a remote access tool (RAT); scripts in documents may look innocent, until they run and perform their nefarious deed.

Script languages such as PowerShell, VisualBasic and Office document macros make our work and IT operations lives SO much easier. So much automation is done using scripting that many of us would not be able to get through our daily work without them.

While they have their benefits, they also have serious drawbacks. Because they so powerful and can access the system at a very low level – it’s no wonder why malicious actors love to use them so much.

They are a huge concern because in most cases we just can’t disable scripting entirely. For example, if you attempt a Microsoft Exchange Server installation or upgrade without the ability to execute PowerShell, you’ll have a huge meltdown.

If you restrict Accounting from using macros in their Excel documents, you’ll have a group of folks with pitchforks and torches outside your office door.

How Can Cylance Protect Me?

CylancePROTECT offers a feature called Script Control. (Read more...)

This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog