PowerShell stories

New ransomware Epsilon Red has been found by Sophos researchers who detail the tools, techniques, procedures, and behaviour of the attackers behind it.

“The second quarter of 2020 saw continued developments in innovative threat categories such as PowerShell malware and the quick adaptation by cybercriminals to target organisations through employees working from remote environments.”

The report found that more than half of cybercriminal attacks pivot away from malware-based attacks.

Using different techniques, attackers move laterally through the network, gaining more and more privileged access until they gain entry to their target domain controllers.

To limit the risk of being discovered, attackers operated outside of normal business hours and cashout operations were planned for weekends.