Background
Malicious scripts have been and will continue to be one of the most effective ways to deliver malware to end users’ computers. Attackers continue to prey on the weakness of humans, tricking them into opening weaponized documents.
These documents often appear benign, for example by requesting that you enable macros to view the contents of a “secured” document. More often than not, they will quickly infect your computer with some sort of nasty malware.
Why are Malicious Scripts an Important Issue and Why Should I Be Concerned?
Whether it’s a new weaponized document designed to deliver the latest variant of Locky, one of the vast number of other ransomware strains, or a remote access tool (RAT), scripts in documents may look innocent until they run and perform their nefarious deed.
Script languages such as PowerShell, Visual Basic and Office document macros make our work and IT operations lives SO much easier. So much automation is done using scripting that many of us would not be able to get through our daily work without them.
While they have their benefits, they also have serious drawbacks. Because they are so powerful and can access the system at a very low level, it’s no wonder that malicious actors love to use them so much.
They are a huge concern because in most cases we just can’t disable scripting entirely. For example, if you attempt a Microsoft Exchange Server installation or upgrade without the ability to execute PowerShell, you’ll have a huge meltdown.
If you restrict Accounting from using macros in their Excel documents, you’ll have a group of folks with pitchforks and torches outside your office door.
How Can Cylance Protect Me?
CylancePROTECT offers a feature called Script Control. This feature lets you decide which systems are allowed to execute which types of scripts, and lets you designate an approved location where scripts can be run without intervention. This allows the use of IT automation and software installation/upgrade scripts while still blocking the scripts that do not belong.
CylanceOPTICS™, using its new Context Analysis Engine, allows security teams to block scripts that behave in strange ways, like downloading files and storing them in non-approved directories, or PowerShell scripts that launch encoded commands (thereby hiding their intent).
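As an added illustration (not Cylance's implementation and not part of the original post), the following Python applies the two ideas above to PowerShell command lines: it flags encoded commands and decodes them for review, and it checks script paths against an approved directory. The directory `C:\IT\ApprovedScripts`, the function names and the sample command lines are assumptions constructed for this example.

```python
import base64
from pathlib import PureWindowsPath

# Assumed allowlist for this example; not a product default.
APPROVED_DIRS = [PureWindowsPath(r"C:\IT\ApprovedScripts")]

def find_encoded_payload(cmdline):
    """Return the argument of -EncodedCommand (or an abbreviation), else None."""
    tokens = cmdline.split()
    for i, tok in enumerate(tokens[:-1]):
        if tok[0] in "-/" and len(tok) > 1:
            name = tok[1:].lower()
            # powershell.exe accepts prefixes (-e, -enc, ...) and the alias -ec
            if name == "ec" or "encodedcommand".startswith(name):
                return tokens[i + 1]
    return None

def decode_payload(b64):
    """Encoded commands are Base64 over UTF-16LE text; None if malformed."""
    try:
        return base64.b64decode(b64, validate=True).decode("utf-16-le")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None

def in_approved_dir(script):
    p = PureWindowsPath(script)  # Windows path comparison is case-insensitive
    if ".." in p.parts:          # refuse traversal out of an approved folder
        return False
    return any(d in p.parents for d in APPROVED_DIRS)

def classify(cmdline):
    """Return (verdict, detail) for one PowerShell command line."""
    payload = find_encoded_payload(cmdline)
    if payload is not None:
        return ("encoded", decode_payload(payload))
    for tok in cmdline.split():  # assumes script paths without spaces
        tok = tok.strip('"')
        if tok.lower().endswith(".ps1") and not in_approved_dir(tok):
            return ("unapproved_path", tok)
    return ("allow", None)

# Constructed sample events, not taken from real telemetry.
SAMPLE_B64 = base64.b64encode("Write-Output 'constructed sample'".encode("utf-16-le")).decode()
EVENTS = [
    r"powershell.exe -NoProfile -File C:\IT\ApprovedScripts\patch.ps1",
    r"powershell.exe -ExecutionPolicy Bypass -File C:\Users\Public\update.ps1",
    "powershell.exe -NoP -enc " + SAMPLE_B64,
]

if __name__ == "__main__":
    for e in EVENTS:
        print(classify(e), "<-", e[:60])
```

Decoding the payload instead of only alerting on the flag gives an analyst the actual command text to triage, since administrators also use encoded commands legitimately.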
Cylance offers deep behavioral protection against the malicious use of scripts, keeping your endpoints protected, while still allowing your power users and IT to keep their time-saving tools in place.