When Scripts Attack, WildFire Protects

By 
Jan 16, 2019
2 minutes
23 views
Cybersecurity
Products and Services
Secure the Enterprise
AutoFocus
DarkHydrus
WildFire
Xbash

Adversaries look for fast and easy ways to steal data. Among the many techniques in their playbooks, using scripts is a quickly growing trend. Why? It requires minimum human intervention, automates manual steps, and gets them to their malicious goals faster.

Scripting is an extremely useful tool. It allows administrators and power-users to automate repetitive tasks and multitask effectively. If you have ever opened a Microsoft Office file, you have probably encountered “macros”, which may execute VBScripts. These tools help accelerate productivity,  but can also be used for a darker purpose . Adversaries can leverage scripting languages to ingest and execute code, exploit vulnerabilities in the system, and potentially gain privileged access.

Attackers are continuously finding clever new ways to hide these malicious scripts in seemingly safe content. For example, they can use password-protected archive formats (.ZIP, .RAR), or embed them in commonly used Windows PE files and documents , successfully evading legacy sandboxing tools. In most cases, attackers use social engineering techniques to build emails to deliver the script that appears to be from a trusted source within the company, increasing the chances of an employee engaging with it.

 

How WildFire Protects

Palo Alto Networks WildFire malware prevention service added an innovative new detection technique to mitigate script-based attacks. When scripts are identified traversing the network, our Security Operating Platform immediately identifies and forwards the files to WildFire for analysis and execution. In order to reveal even the most evasive advanced attacks, WildFire utilizes multiple techniques including static analysis and dynamic analysis to identify the true intent of the script. Once the verdict is determined, protections are shared with the global community within minutes, spreading immunity worldwide.

 

WildFire now supports the following scripts filetypes:

 

Script Support

  • JScript (.js,)
  • VBScript (.vbs)
  • PowerShell Script (.ps1)
  • Shell Script (.sh)

 

Protocols:

  • HTTP, HTTPS
  • FTP
  • POP3, SMTP, IMAP
  • SMB

 

If you want to learn more about WildFire script support and how it works, go to our LIVE Community page of active engagement and discussions.

 

Related Blogs

Our library of online content is here to help you learn more, no matter what format you prefer or which topic interests you most.

Secure the Enterprise

SEGA Europe: You Cannot Protect What You Cannot See

Endpoint, Products and Services, Secure the Enterprise

Traps: Fighting Threats With Cloud-Based Malware Analysis

Cybersecurity, Products and Services, Secure the Future

Machine Learning: Your Unfair Advantage Against Attackers

Cybersecurity, Products and Services, Secure the Enterprise, Security Platform

Available Now: Custom App-ID for FIFA World Cup 2018

Products and Services, Threat Prevention

UPDATED: Palo Alto Networks Protections Against WanaCrypt0r Ransomware Attacks

Points of View, Products and Services

Palo Alto Networks and Coordinated Enforcement for Malware

Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.

Get the latest news, invites to events, and threat alerts

Popular Resources

Legal Notices

Popular Links