Microsoft’s quiet network tool is a hacker’s dream, and security software still hasn’t caught up
- Netsh.exe is the most abused Windows tool, and it still hides in plain sight
- PowerShell appears on 73% of endpoints, not only in admin hands
- WMIC’s surprising comeback shows that attackers prefer tools nobody pays attention to anymore
A new analysis of 700,000 security incidents has shown how extensively cyber criminals rely on trusted Microsoft tools to attack systems unnoticed.
Although attackers’ use of native utilities, known as Living Off the Land (LOTL) tactics, is not a new trend, the latest data from Bitdefender’s GravityZone platform suggests it is even more widespread than previously believed.
A striking 84% of major attacks involved legitimate system binaries that are already present on the machines. This undermines the effectiveness of conventional defenses, even those marketed as the best antivirus or best malware protection.
Some of the most abused tools are very familiar to system administrators, including PowerShell.exe and wscript.exe.
However, one tool unexpectedly rose to the top: Netsh.exe. A command-line tool for managing network configuration, Netsh.exe was found in a third of the major attacks. Although it is legitimately used for firewall and interface management, its frequent appearance in attack chains suggests that its potential for abuse is underestimated.
PowerShell remains an important part of both legitimate and malicious activity: although 96% of organizations use PowerShell, it was found on 73% of endpoints, far beyond what would be expected from administrative use alone.
Bitdefender found that “third-party applications with PowerShell code without a visible interface” were a common cause.
This dual-use nature makes detection difficult, especially for tools that are not covered by behavioral engines.
It raises the question of whether the best EPP solutions are sufficiently tuned to account for this blurred line between normal and malicious use.
Another surprising finding was the continued use of WMIC.exe, a tool that Microsoft has deprecated.
Despite its age, the analysis shows that it is still widely present in environments, often invoked by software looking up system information. Its legitimate appearance makes it especially attractive to attackers trying to escalate their access.
To tackle this problem, Bitdefender developed PHASR (Proactive Hardening and Attack Surface Reduction). This tool takes a targeted approach that goes beyond simply switching tools off.
“PHASR goes further than blocking entire tools; it also monitors and stops the specific actions that attackers use within them,” the company said.
Yet this approach is not without trade-offs. The fundamental dilemma, “can’t live with them, can’t live without them”, remains unresolved.
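The action-level idea described above, as an added illustration that is not Bitdefender’s code: a small policy over constructed process-creation events lets a tool’s baseline sub-commands through and surfaces everything else for review, and separately picks out PowerShell running without a visible window from a non-interactive parent. The allowed actions, the parent list and the sample events are constructed assumptions, not a vendor’s rules.

```python
from dataclasses import dataclass

# Constructed, hypothetical action-level policy for the binaries the article
# names: only sub-commands in the organisation's admin baseline pass, so the
# tool itself stays available while everything else is surfaced for review.
ALLOWED_ACTIONS = {
    "netsh.exe": {("interface", "show"), ("advfirewall", "show"), ("wlan", "show")},
    "wmic.exe": {("os", "get"), ("computersystem", "get")},
}
# Parents from which an interactive PowerShell window is expected (constructed).
INTERACTIVE_PARENTS = {"explorer.exe", "cmd.exe", "windowsterminal.exe"}

@dataclass
class ProcessEvent:
    """Minimal process-creation record (Sysmon Event ID 1 style, constructed)."""
    image: str
    command_line: str
    parent_image: str

def action_of(command_line: str) -> tuple:
    """The two tokens after the executable, e.g. ('interface', 'show')."""
    return tuple(tok.lower() for tok in command_line.split()[1:3])

def evaluate(ev: ProcessEvent):
    """Return a review reason, or None when the event fits the baseline."""
    tool, parent = ev.image.lower(), ev.parent_image.lower()
    if tool in ALLOWED_ACTIONS:
        action = action_of(ev.command_line)
        if action not in ALLOWED_ACTIONS[tool]:
            return f"{tool}: action {' '.join(action)!r} outside baseline (parent {parent})"
    elif tool == "powershell.exe":
        cl = ev.command_line.lower()
        # PowerShell with no visible window from a non-interactive parent is the
        # "third-party app running PowerShell" case the article describes.
        if "-windowstyle" in cl and "hidden" in cl and parent not in INTERACTIVE_PARENTS:
            return f"{tool}: no visible interface, launched by {parent}"
    return None

def scan(events):
    """Apply the action-level policy to every event and keep only the hits."""
    return [r for r in map(evaluate, events) if r]

# Constructed sample telemetry: routine admin use beside out-of-baseline use.
SAMPLE_EVENTS = [
    ProcessEvent("netsh.exe", "netsh interface show interface", "cmd.exe"),
    ProcessEvent("netsh.exe", 'netsh advfirewall firewall add rule name="svc" dir=in action=allow', "updater.exe"),
    ProcessEvent("wmic.exe", "wmic os get caption", "inventory.exe"),
    ProcessEvent("powershell.exe", "powershell.exe -WindowStyle Hidden -File C:\\ProgramData\\vendor\\task.ps1", "vendorsvc.exe"),
    ProcessEvent("powershell.exe", "powershell.exe -NoProfile", "explorer.exe"),
]
```

Running `scan(SAMPLE_EVENTS)` returns two findings: the netsh firewall change from the updater and the hidden PowerShell from the vendor service, while the routine netsh, wmic and interactive PowerShell events pass.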