- netsh.exe is one of the most abused Windows tools, and it still hides behind an innocuous appearance
- PowerShell turns up on 73% of endpoints, far beyond the hands of administrators alone
- WMIC's surprising persistence shows attackers favour tools that are already present
A new analysis of 700,000 security incidents has revealed how widely cyber criminals exploit Microsoft's own tools to breach systems.
Although the trend of attackers using built-in utilities, known as Living off the Land (LOTL), is not new, the latest data from Bitdefender's GravityZone platform suggests the practice is far more widespread than previously thought.
A striking 84% of high-severity attacks involved the use of binaries already present on the machine. This undercuts the effectiveness of traditional defenses, even where an organization has deployed the best antivirus or malware protection it can buy.
Some of the most frequently abused tools will be very familiar to system administrators, including powershell.exe and wscript.exe.
However, one tool came unexpectedly close to the top: netsh.exe. A command-line utility for managing network configuration, netsh.exe was found in a third of major attacks. While it is still legitimately used for firewall and interface management, its appearance in attack chains shows that its potential for abuse is underestimated.
PowerShell has become a key component of both legitimate operations and malicious activity. Although 96% of organizations use PowerShell, it was found running on 73% of endpoints, a far wider footprint than administrative use alone would explain.
Bitdefender found that "third-party applications running PowerShell code without an interface" was a common reason.
This dual-use nature makes detection difficult, especially for security tools without behavior-aware detection engines.
It raises the question of whether even the best EPP (endpoint protection platform) solutions are properly equipped to tell ordinary use apart from malicious use.
Another surprising finding was the continued use of wmic.exe, which Microsoft has deprecated.
Despite its age, the analysis shows it is still widespread in enterprise environments, often called by software to gather system information. Its legitimate appearance makes it especially attractive to attackers trying to blend in.
To tackle this problem, Bitdefender developed PHASR (Proactive Hardening and Attack Surface Reduction). The tool takes a targeted approach that goes beyond simply disabling the tools themselves.
The company said, "Instead of blocking entire tools, PHASR monitors and prevents the specific actions attackers use within them."
Nevertheless, this approach is not without trade-offs. The basic dilemma, "can't live with them, can't live without them," remains hard to resolve.
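The distinction the article draws, between a tool merely being present (PowerShell on 73% of endpoints, WMIC called by ordinary software) and a specific action within that tool being abused, is easiest to see as detection logic. The following is an added example, not Bitdefender's PHASR rules or GravityZone telemetry: the process-creation events are constructed for this example, and the rules are illustrative heuristics drawn from public LOLBin tradecraft (netsh portproxy, WMI process creation, encoded or hidden PowerShell, scripting hosts spawned by Office). A real product would use far richer telemetry, but the shape is the same: score the action and its context, not the binary.

```python
"""Action-level triage of Windows LOLBin process-creation events.

Added example. Event records and rules are constructed for illustration;
they are not Bitdefender's PHASR logic or GravityZone data.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    image: str    # executing binary, e.g. "netsh.exe"
    cmdline: str  # full command line as logged (Sysmon EID 1 / Security 4688 style)
    parent: str   # parent process image


# (tool, regex over the command line, description). A rule matches a specific
# action inside the tool, never the tool's mere presence.
SUSPICIOUS_ACTIONS = [
    ("netsh.exe", re.compile(r"\bportproxy\b.*\badd\b", re.I),
     "port forwarding via netsh portproxy"),
    ("netsh.exe", re.compile(r"advfirewall\s+firewall\s+add\s+rule.*action=allow", re.I),
     "allow rule added to Windows Firewall"),
    ("wmic.exe", re.compile(r"\bprocess\b.*\bcall\b.*\bcreate\b", re.I),
     "process launch through WMI"),
    ("wmic.exe", re.compile(r"/node:", re.I),
     "remote WMI execution"),
    ("powershell.exe", re.compile(r"-(?:e|enc|encodedcommand)\b", re.I),
     "encoded PowerShell command"),
    ("powershell.exe", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I),
     "hidden-window PowerShell"),
]

# Parents that have no business spawning scripting or network tools.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "mshta.exe"}


def triage(ev: ProcEvent) -> tuple[str, list[str]]:
    """Return (verdict, reasons). One matched signal alerts; two or more block."""
    reasons: list[str] = []
    image = ev.image.lower()
    for tool, pattern, desc in SUSPICIOUS_ACTIONS:
        if image == tool and pattern.search(ev.cmdline):
            reasons.append(desc)
    if ev.parent.lower() in SUSPICIOUS_PARENTS:
        reasons.append(f"launched by {ev.parent}")
    if not reasons:
        return "allow", reasons
    return ("block" if len(reasons) >= 2 else "alert"), reasons


# Constructed sample events: benign dual-use alongside the abusive forms.
SAMPLE_EVENTS = [
    ProcEvent("netsh.exe", "netsh interface show interface", "explorer.exe"),
    ProcEvent("netsh.exe",
              "netsh interface portproxy add v4tov4 listenport=4444 "
              "connectaddress=10.0.0.5 connectport=3389", "cmd.exe"),
    ProcEvent("wmic.exe", "wmic os get caption,version", "setup.exe"),
    ProcEvent("wmic.exe",
              'wmic /node:fileserver01 process call create "cmd /c whoami"', "cmd.exe"),
    ProcEvent("powershell.exe",
              "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand SQBFAFgA",
              "winword.exe"),
    ProcEvent("powershell.exe",
              r"powershell.exe -NoProfile -ExecutionPolicy Bypass -File C:\ProgramData\Vendor\update.ps1",
              "vendor_updater.exe"),
]


def triage_all(events: list[ProcEvent]) -> list[str]:
    """Verdict for each event, in order."""
    return [triage(ev)[0] for ev in events]


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        verdict, reasons = triage(ev)
        print(f"{verdict:5}  {ev.parent:>18} -> {ev.image}: {ev.cmdline}")
        for r in reasons:
            print(f"         - {r}")
```

Note that the two benign events (an installer querying the OS version through wmic, a vendor agent running a script file without a window) pass, which is exactly the "third-party applications running PowerShell code without an interface" case the article says makes tool-level blocking unworkable, while the same binaries with a portproxy, a remote process call or an encoded command from Word are caught.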