PowerShell User Execution Threats, Major & Emerging Ransomware
Threat Content Highlights
Threat Profiles
- “Trending & Emerging Threats” weekly update: PowerShell User Execution Threats
- Adversaries have recently used several similar schemes to compromise endpoints: they social-engineer users into copying and pasting malicious commands on their own systems, which leads to the ingress of post-exploitation tools. This Threat Profile collects multiple Campaigns that use this attack method and that Tidal has recently added to its knowledge base.
- While each campaign features PowerShell (T1059.001) and User Execution (T1204), variations in both pre- and post-exploitation TTPs have been observed. Beyond reviewing safeguards related to these essential execution Techniques, this Threat Profile can be used to identify additional detection, mitigation, and defense opportunities.
- Monthly updates to Tidal-curated Major & Emerging Ransomware and Trending Techniques Threat Profiles