Living-off-the-land tactics evident in most major cyberattacks
Eighty-four percent of major cyberattacks involved living-off-the-land techniques, that is, the abuse of legitimate utilities, tools, and binaries already present in enterprise environments, according to SiliconANGLE.
One-third of high-severity incidents involved the Windows network configuration utility netsh.exe, which was among the most frequently abused tools alongside powershell.exe, rundll32.exe, cscript.exe, and reg.exe, according to a report from Bitdefender Labs. Threat actors have also increasingly turned to less familiar binaries, including the developer-oriented msbuild.exe and ngen.exe and the service-control tool sc.exe, to better evade detection. The findings also showed marked regional differences in which legitimate tools are abused: powershell.exe was far more commonly abused in Europe, the Middle East, and Africa, while reg.exe was far more commonly abused in the Asia-Pacific region. "Attackers are demonstrably successful in evading traditional defenses by expertly manipulating the very system utilities we trust and rely on daily, and threat actors operate with a confident assertion of undetectability," the researchers said, emphasizing the need for more sophisticated security solutions.
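The practical difficulty with every binary named above is that each one also runs legitimately on ordinary hosts, so a watchlist on the image name alone is not a detection. The script below is an added illustration, not code from Bitdefender Labs or SC Media, of how a detection engineer would triage process-creation telemetry for these tools: it runs over a few constructed events shaped like Sysmon Event ID 1 records (Image, CommandLine, ParentImage) and flags only specific argument patterns and suspicious parent processes. The patterns are this editor's examples of widely documented abuse of each binary (netsh portproxy, encoded PowerShell, rundll32 javascript:, reg.exe Run-key writes, msbuild projects in user-writable paths, sc.exe service creation), not findings from the report; the suspicious-parent list and the sample events are assumptions.

```python
"""Triage of Windows process-creation events for the LOLBins named in the article.

Added illustration, not code from Bitdefender Labs or SC Media.  The events are
constructed to look like Sysmon Event ID 1 records (Image, CommandLine,
ParentImage).  The argument patterns are the editor's examples of widely
documented abuse of each binary, not findings from the report.
"""
import re
from dataclasses import dataclass

# Binaries the report names as the most abused.  Membership alone is not a
# detection: every one of them runs legitimately on ordinary hosts.
WATCHLIST = {"netsh.exe", "powershell.exe", "rundll32.exe", "cscript.exe",
             "reg.exe", "msbuild.exe", "sc.exe", "ngen.exe"}

# Parents from which a LOLBin launch is rarely legitimate (assumed list).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe",
                      "wscript.exe", "mshta.exe"}

# Regex fragment for user-writable locations a build or script file should not live in.
USER_WRITABLE = r"\\(temp|appdata|public|downloads)\\"

# (binary, case-insensitive regex over the command line, description)
RULES = [
    ("netsh.exe", r"\bportproxy\b.*\badd\b", "netsh portproxy forwarding rule"),
    ("netsh.exe", r"\badvfirewall\b.*\badd\s+rule\b", "netsh firewall rule added"),
    ("powershell.exe", r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}",
     "encoded PowerShell command"),
    ("powershell.exe", r"downloadstring|\biex\b|invoke-expression",
     "PowerShell download-and-execute"),
    ("rundll32.exe", r"javascript:", "rundll32 javascript: protocol handler"),
    ("cscript.exe", USER_WRITABLE + r'[^\s"]*\.(vbs|js|wsf)\b',
     "cscript running a script from a user-writable path"),
    ("reg.exe", r"\badd\b.*\\currentversion\\run", "reg.exe writing a Run key"),
    ("msbuild.exe", USER_WRITABLE + r'[^\s"]*\.(xml|csproj|proj)\b',
     "msbuild building a project file from a user-writable path"),
    ("sc.exe", r"\b(create|config)\b.*binpath=", "sc.exe setting a service binary path"),
]


@dataclass(frozen=True)
class ProcEvent:
    image: str          # full path of the created process (Sysmon "Image")
    command_line: str   # Sysmon "CommandLine"
    parent_image: str   # Sysmon "ParentImage"


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path, tolerating forward slashes."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(ev: ProcEvent) -> list[tuple[str, str]]:
    """Return (severity, reason) findings for one event; empty list if nothing fired."""
    name = basename(ev.image)
    if name not in WATCHLIST:
        return []
    findings = []
    for binary, pattern, desc in RULES:
        if binary == name and re.search(pattern, ev.command_line, re.IGNORECASE):
            findings.append(("high", desc))
    parent = basename(ev.parent_image)
    if parent in SUSPICIOUS_PARENTS:
        findings.append(("medium", f"{name} spawned by {parent}"))
    return findings


def scan(events: list[ProcEvent]) -> dict[int, list[tuple[str, str]]]:
    """Map event index -> findings, omitting events that produced none."""
    hits = {}
    for i, ev in enumerate(events):
        found = evaluate(ev)
        if found:
            hits[i] = found
    return hits


# Constructed sample events (not real telemetry).
SYS32 = r"C:\Windows\System32"
SAMPLE_EVENTS = [
    ProcEvent(SYS32 + r"\netsh.exe", "netsh.exe interface show interface", SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\netsh.exe",
              "netsh.exe interface portproxy add v4tov4 listenport=4444 connectaddress=10.0.0.5 connectport=3389",
              SYS32 + r"\cmd.exe"),
    ProcEvent(SYS32 + r"\WindowsPowerShell\v1.0\powershell.exe",
              "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
              r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"),
    ProcEvent(SYS32 + r"\reg.exe",
              r"reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Updater /t REG_SZ /d C:\Users\Public\u.exe",
              SYS32 + r"\cmd.exe"),
    ProcEvent(r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
              r"MSBuild.exe C:\Users\bob\AppData\Local\Temp\build.xml", r"C:\Windows\explorer.exe"),
    ProcEvent(r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe",
              r"MSBuild.exe C:\src\app\app.csproj", r"C:\Program Files\devenv.exe"),
    ProcEvent(SYS32 + r"\sc.exe",
              r'sc.exe create Updater binpath= "C:\Users\Public\svc.exe" start= auto', SYS32 + r"\cmd.exe"),
    ProcEvent(r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe",
              "ngen.exe ExecuteQueuedItems", r"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"),
    ProcEvent(SYS32 + r"\rundll32.exe",
              r'rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";alert()',
              r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE"),
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_EVENTS).items():
        for severity, reason in found:
            print(f"event {idx}: [{severity}] {reason}")
```

Two things worth noting from the output. The legitimate netsh, ngen and msbuild invocations produce nothing, which is the point of keying on arguments and parents rather than image names; and the msbuild rule only fires on project files in user-writable paths, so an attacker who drops the project elsewhere slips past it, which is exactly the kind of gap that pushes real detection toward script-block logging, command-line normalization and parent-child baselining rather than regex alone.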