惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Microsoft Azure Blog
Microsoft Azure Blog
Google Online Security Blog
Google Online Security Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
T
Threat Research - Cisco Blogs
C
CXSECURITY Database RSS Feed - CXSecurity.com
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Forbes - Security
Forbes - Security
P
Palo Alto Networks Blog
Schneier on Security
Schneier on Security
S
Schneier on Security
T
Tor Project blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
The Hacker News
The Hacker News
Hacker News - Newest:
Hacker News - Newest: "LLM"
罗磊的独立博客
Application and Cybersecurity Blog
Application and Cybersecurity Blog
F
Fortinet All Blogs
博客园 - 三生石上(FineUI控件)
小众软件
小众软件
C
Check Point Blog
Stack Overflow Blog
Stack Overflow Blog
Blog — PlanetScale
Blog — PlanetScale
雷峰网
雷峰网
S
Security @ Cisco Blogs
PCI Perspectives
PCI Perspectives
Spread Privacy
Spread Privacy
W
WeLiveSecurity
SecWiki News
SecWiki News
A
About on SuperTechFans
H
Help Net Security
博客园 - 司徒正美
Recent Commits to openclaw:main
Recent Commits to openclaw:main
爱范儿
爱范儿
S
Securelist
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
月光博客
月光博客
Jina AI
Jina AI
博客园 - 叶小钗
Vercel News
Vercel News
阮一峰的网络日志
阮一峰的网络日志
Recent Announcements
Recent Announcements
S
Secure Thoughts
The Cloudflare Blog
美团技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More

Business Insights Cybersecurity Blog by Bitdefender

What’s New in GravityZone July 2026 (v 6.75) Bind Link Abuse: One Windows Feature, Many Ways to Blind Your EDR Bitdefender Threat Debrief | July 2026 Trust Under Attack: How Deepfakes Are Rewriting Cybercrime Your AI SOC Won’t Catch Ransomware by Itself 2026 Cybersecurity Assessment: The Gap Between Knowing and Doing Your Last Red Team Tested the Wrong Attack MSP Strategic Defense: Why MDR Is the New Security Baseline for MSPs Technical Advisory: FortiBleed Credential Exposure Campaign Targeting Internet-Facing Fortinet Devices Bitdefender Recognized in the 2026 Gartner® Europe Context: Magic Quadrant™ for Endpoint Protection CISA Mandates Change for Structured, Prioritized Updates and Vulnerability Management Claimed Twice: Five Reasons the Same Ransomware Victim Shows Up Under Two Flags What’s New in GravityZone June 2026 (v 6.74) Bitdefender Threat Intelligence: Built for How Security Teams Work Bitdefender Threat Debrief | June 2026 Cut Complexity in Half While Reducing Risk Across Your Endpoint Environment Bitdefender Named a Visionary in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection How Leading Organizations Turn EDR Into Operational Resilience Bitdefender Supports Ferrari Through Cybersecurity Built on Trust Bitdefender at Infosecurity Europe 2026: Staying Ahead of Faster Threats Endpoint Detection & Response Is Table Stakes Security MSP Strategic Defense: Why Dual-Layer Email Security (SEG + API) Is Now Essential Bitdefender GravityZone: 100% Telemetry in AV-Comparatives 2026 EDR Test Bitdefender Threat Debrief | May 2026 Bitdefender Named an Omdia Champion: What It Means for MSPs Ready to Lead Technical Advisory: ShinyHunters Breach of Instructure Canvas LMS What’s New in GravityZone May 2026 (v 6.73) Endpoint Protection in Practice: How Customers Use Bitdefender to Reduce Risk Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W. Bitdefender at Black Hat Asia 2026: Disrupt Attacker Playbooks Introducing Extended Email Security What’s New in GravityZone April 2026 (v 6.72) What Mythos Reveals About Zero Trust’s Scope Problem Shut the Front Door on Email Attacks: How to Scale Security Services Without Increasing Workload Technical Advisory: Axios npm Supply Chain Attack - Cross-Platform RAT Deployed via Compromised Maintainer Account RSAC 2026: What to Expect from Bitdefender A Cyber Resilience Agenda: Inside the European Central Bank’s 2026–2028 Priorities AI in Cybersecurity: Is It Worth the Effort for Lean Security Teams? MSP Strategic Defense: Building Compliance on Dynamic Attack Surface Reduction Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
Your Biggest Cyber Risk Could Be What You Already Trust
2026-03-31 · via Business Insights Cybersecurity Blog by Bitdefender

For years, cybersecurity strategies have been built around a simple assumption: stop malicious files, stop the attack.

Threat actors have evolved.

Today’s attackers don’t need to bring malware into your environment. They’re using what’s already there — trusted tools and legitimate administrative utilities — to move undetected, escalate privileges, and operate in plain sight.

And the hardest reality to accept is this: most organizations don’t know how exposed they are until it’s too late.

Legitimate Tool Abuse You Can’t See

A recent analysis of 700,000 high-severity security incidents revealed two unsettling findings.

  • First: 84% of cyberattacks now abuse legitimate tools to evade detection
  • Second: Specific types of tools and their capabilities are at higher risk of abuse

Upon further analysis, we found that up to 95% of access to these risky tools is completely unnecessary. This is not an edge-case scenario.

Consider a clean Windows 11 environment. A standard installation includes well over a hundred native binaries that can be abused for Living off the Land (LOTL) attacks — tools like PowerShell, WMIC, Certutil, and others that were not designed with adversarial use in mind.

These binaries are trusted by default, deeply embedded in the operating system, and often required for legitimate administrative tasks or necessary for other applications to work. That makes it difficult to restrict them without impacting productivity or creating an administrative nightmare. Trying to detect malicious activity after bad actors have started to abuse these tools is unsustainable because of the difficulty in discerning intent and the speed of modern, AI-enabled attacks.

The risk isn’t just that these tools exist, it’s that most organizations have little visibility into how widely they’re accessible, who can use them, and whether that access is necessary in the first place. This creates a vast, largely unmanaged attack surface hiding in plain sight.

Adding to the problem is that detection and response tools struggle to discern between malicious intent and legitimate work when risky tools trigger alerts. Security teams are left investigating activity that looks routine, often recognizing the threat only after damage has been done.

In effect, your environment can be compromised without triggering the alerts you rely on.

Investing in EDR and XDR remains critical. But if users, or attackers, have unnecessary access to powerful tools, your attack surface is far larger than you realize. Every unnecessary permission creates another potential path an attacker can exploit, without introducing anything suspicious into your environment.

Investigating Legitimate Tool Abuse

If this feels like something you should investigate, you’re right.

But most security teams don’t have the time or resources to map how trusted tools are used across the organization. Identifying where access is excessive, where shadow usage exists, and how those patterns translate into real attack paths is complex and time-consuming.

Even when teams suspect the risk, proving it and prioritizing it is difficult. That’s why this problem often goes unaddressed. Not because it isn’t important, but because it isn’t visible.

Start With More Insight, Not More Tools

Closing this gap starts with understanding your actual exposure and how attackers can exploit it. But it does not need to be complicated or time-consuming if you utilize the complimentary Bitdefender Internal Attack Surface Assessment.

It’s designed to provide a clear, data-driven view into how trusted tools could be used against your organization. And rather than asking your team to run a trial or deploy new tooling, the assessment is structured to be low-bandwidth and guided. It focuses on identifying unnecessary access, highlighting where risk exists, and providing prioritized recommendations, without disrupting users or adding operational burden.

In the end, you’ll get the clarity you need to act with confidence.

From Reactive to Proactive

Security strategies have long focused on detecting and responding to threats. But LOTL attacks demand a shift in thinking. We must couple strong detection with another approach: reducing the number of ways attacks can succeed in the first place.

What if the most effective control isn’t detecting misuse but preventing it altogether? This is where proactive security begins and where many organizations still have blind spots.

See Your Environment the Way Attackers Do

You no longer need to guess where your risks are. You can see them. Bitdefender’s complimentary Internal Attack Surface Assessment helps you understand how attackers could move through your environment by living off the land and abusing the tools you already trust.

Request your free Internal Attack Surface Assessment