84 percent of attacks now use legitimate tools

No Comments
Glowing security padlock

New research from Bitdefender shows that 84 percent of high severity attacks are using Living off the Land (LOTL) techniques, exploiting legitimate tools used by administrators.

One of the findings is that the netsh.exe tool -- used for network configuration -- management is the most frequently abused tool, appearing in a third of major attacks. While checking firewall configurations is a logical initial step for attackers, this clearly demonstrates how data analysis can spotlight trends that human operators might instinctively disregard.

Other frequently exploited tools include the PowerShell.exe command-line shell and scripting language, Reg.exe, a command-line tool allows administrators to query, change, add, or remove registry entries, and Csc.exe, the Microsoft C# compiler.

The study also highlights the widespread use of PowerShell.exe in business environments. While nearly 96 percent of organizations in the dataset legitimately utilize PowerShell, the expectation was that its execution would be limited primarily to administrators. However, the research detected PowerShell activity on a staggering 73 percent of all endpoints. Further investigation revealed that PowerShell is frequently invoked not only by administrators (for things like logon/logoff scripts), but also by third-party applications running PowerShell code without a visible interface.

There are regional differences in tool deployment, for example PowerShell.exe showed a notably lower presence in the Asia-Pacific region, at just 53.3 percent of organizations in the dataset. This stands in sharp contrast to EMEA, where analysis indicates a much higher adoption rate of 97.3 percent.

The reports authors conclude, "Attackers are demonstrably successful in evading traditional defenses by expertly manipulating the very system utilities we trust and rely on daily -- and threat actors operate with a confident assertion of undetectability. This stark reality demands a fundamental shift towards security solutions like Bitdefender's PHASR, which moves beyond blunt blocking to discern and neutralize malicious intent within these tools."

The full report is available on the Bitdefender site.

Image credit: Ruslan BatiukDreamstime.com

No Comments
Got News? Contact Us

Recent Headlines

In the latest Windows 11 Canary build, Microsoft introduced major Start menu and Taskbar changes that can’t roll out fast enough

Microsoft announces European Security Program to help protect the EU from cyber threats for free

Belkin goes all in on Nintendo Switch 2 with new gaming accessories

Nintendo erases gender from Miis on Switch 2 in what some see as a direct slap at conservatives and traditional family values

Anker SOLIX F3000 aims to keep your home running when the grid fails

Cloud complexity puts strain on traditional security models

Can more tools lead to worse cloud security?

Most Commented Stories

Windows 7 Reloaded solves Windows 11's biggest problem -- download it now

42 Comments

Nintendo says your Switch 2 isn’t really yours even if you paid for it

27 Comments

Move over Windows 11, Windows 12 is the Microsoft operating system we need

25 Comments

Microsoft has finally relented and is giving Windows 11 users the new Start menu they want

23 Comments

Trump tells Apple: Make iPhones in America or face 25 percent tariff

16 Comments

Crapfixer 1.0 is here to fix Windows 11 and turn it into the operating system you deserve -- download it now!

13 Comments

Microsoft is ruining Notepad with pointless formatting in Windows 11

11 Comments

Donald Trump secures China trade deal that may ease smartphone and PC prices

10 Comments

© 1998-2025 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.