PowerShell Scripts Deployed for Wiper Malware Attacks, INCD Warns
The Israel National Cyber Directorate (INCD) has issued a warning regarding a recent cyberattack employing PowerShell scripts to execute wiper malware. This malicious activity targets endpoints and servers, aiming to erase data and render systems inoperable.
The INCD highlights the significant threat posed by unrestricted or unmonitored use of PowerShell within organizational networks. The advisory emphasizes the importance of understanding this threat and implementing protective measures. The INCD has provided a file of indicators of compromise (IOCs) for integration into relevant organizational security systems, urging diligent monitoring.
Organizations are strongly advised to evaluate and implement methods for restricting access to and monitoring PowerShell activity. The INCD recommends testing these security controls in a non-production environment before deploying them to live systems to ensure effectiveness and compatibility.
What This Means For You
- Implement strict PowerShell execution policies and robust logging to detect and prevent unauthorized script execution and potential wiper malware deployment.
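The script below is an added example, not part of the INCD advisory: a read-only audit of the logging and restriction settings mentioned above on a single Windows host. It assumes Windows PowerShell 5.1 and its standard Group Policy registry paths; the function names and the pass criteria are illustrative choices.

```powershell
# Added example: read-only audit of local PowerShell restriction and logging settings.
# Registry paths are the standard Group Policy locations for Windows PowerShell policies.
function Get-PSPolicyValue {
    param([string]$SubKey, [string]$Name)
    $path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\$SubKey"
    # A missing key or value means the policy is not configured; return $null.
    $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

function Test-PSHardening {
    $results = @()
    # Logging policies: 1 = enabled by policy.
    $logging = [ordered]@{
        'Script block logging' = @('ScriptBlockLogging', 'EnableScriptBlockLogging')
        'Module logging'       = @('ModuleLogging', 'EnableModuleLogging')
        'Transcription'        = @('Transcription', 'EnableTranscripting')
    }
    foreach ($name in $logging.Keys) {
        $value = Get-PSPolicyValue -SubKey $logging[$name][0] -Name $logging[$name][1]
        $results += [pscustomobject]@{ Control = $name; State = "$value"; Pass = ($value -eq 1) }
    }
    # Execution policy is a safety setting rather than a security boundary,
    # so it is reported next to the controls that actually restrict or record scripts.
    $policy = Get-ExecutionPolicy
    $results += [pscustomobject]@{
        Control = 'Effective execution policy'; State = "$policy"
        Pass    = ("$policy" -in 'AllSigned', 'RemoteSigned', 'Restricted')
    }
    # ConstrainedLanguage appears when application control (WDAC/AppLocker) enforces it.
    $mode = $ExecutionContext.SessionState.LanguageMode
    $results += [pscustomobject]@{
        Control = 'Language mode'; State = "$mode"; Pass = ("$mode" -eq 'ConstrainedLanguage')
    }
    # Event ID 4104 in the operational log is the script block logging record.
    $event4104 = Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-PowerShell/Operational'; Id = 4104
    } -MaxEvents 1 -ErrorAction SilentlyContinue
    $results += [pscustomobject]@{
        Control = 'Recent 4104 event present'; State = "$($event4104.TimeCreated)"
        Pass    = [bool]$event4104
    }
    $results
}

Test-PSHardening | Format-Table -AutoSize
```

An empty State for a logging row means the policy is not configured on that host.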
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| INCD Advisory | Malware Execution | PowerShell scripts |
| INCD Advisory | Data Destruction | wiper malware |
| INCD Advisory | System Disruption | endpoints and servers |