Cybersecurity threats are evolving rapidly, and according to recent findings, attackers are increasingly relying on tools that organizations already trust. In its latest analysis, Bitdefender highlighted that modern cyberattacks often resemble routine administrative activity rather than traditional malware-based intrusions.
In the earlier report titled “Your Biggest Security Risk Isn’t Malware — It’s What You Already Trust,” Bitdefender explained how commonly used utilities such as PowerShell, WMIC, netsh, Certutil, and MSBuild have become popular among cybercriminals. These tools are regularly used by IT teams for legitimate purposes, making malicious activity harder to detect. The company revealed that legitimate-tool misuse was identified in 84% of 700,000 high-severity incidents analyzed.
To help organizations address this growing concern, Bitdefender introduced a complimentary Internal Attack Surface Assessment program. Designed for companies with 250 or more employees, the 45-day assessment aims to identify risky tools, users, and endpoints that could potentially be exploited by attackers while ensuring normal business operations remain unaffected.
The company noted that a standard Windows 11 installation includes 133 unique living-off-the-land binaries (LOLBins) across 987 instances. In addition, Bitdefender Labs found that PowerShell was active on 73% of endpoints, often running silently through third-party applications. According to the report, this indicates that the issue is less about malware and more about excessive permissions and unrestricted tool access.
Industry trends also point toward a shift in cybersecurity strategy. Gartner predicts that preemptive cybersecurity measures will account for 50% of IT security spending by 2030, compared to less than 5% in 2024. It also forecasts that 60% of large enterprises will adopt dynamic attack surface reduction technologies by 2030, up from less than 10% in 2025.
The Internal Attack Surface Assessment operates in four phases over approximately 45 days using GravityZone PHASR, Bitdefender’s proactive hardening and attack surface reduction technology.
The process begins with behavioral learning, where PHASR studies activity patterns for each machine-user combination over roughly 30 days. Organizations then receive an Attack Surface Dashboard featuring an exposure score between 0 and 100, along with prioritized findings related to living-off-the-land binaries, remote administration tools, tampering utilities, cryptominers, and piracy software.
An optional reduction phase allows businesses to apply restrictions either manually or through PHASR’s Autopilot feature. Employees can request restored access through a built-in one-click approval system. The final review measures how much the organization’s attack surface has been reduced and identifies any unauthorized applications or shadow IT risks discovered during the process.
Bitdefender stated that some early-access customers managed to reduce their attack surface by more than 30% within the first month, while one organization reportedly achieved nearly 70% reduction after restricting LOLBins and remote administration tools.
The assessment is intended to benefit multiple stakeholders within an organization. CISOs receive measurable exposure data suitable for board-level reporting, while SOC teams and IT administrators can potentially reduce investigation workloads by eliminati
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: