惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
V2EX - 技术
V2EX - 技术
P
Privacy & Cybersecurity Law Blog
T
The Exploit Database - CXSecurity.com
美团技术团队
WordPress大学
WordPress大学
博客园 - 司徒正美
S
Securelist
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - Franky
Attack and Defense Labs
Attack and Defense Labs
Security Latest
Security Latest
L
LINUX DO - 最新话题
NISL@THU
NISL@THU
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
腾讯CDC
Y
Y Combinator Blog
The Hacker News
The Hacker News
Security Archives - TechRepublic
Security Archives - TechRepublic
IT之家
IT之家
T
Threatpost
Hugging Face - Blog
Hugging Face - Blog
Scott Helme
Scott Helme
S
SegmentFault 最新的问题
Cyberwarzone
Cyberwarzone
C
Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
U
Unit 42
B
Blog
Microsoft Azure Blog
Microsoft Azure Blog
P
Proofpoint News Feed
小众软件
小众软件
V
Vulnerabilities – Threatpost
J
Java Code Geeks
V
Visual Studio Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
A
Arctic Wolf
博客园 - 【当耐特】
Microsoft Security Blog
Microsoft Security Blog
S
Security @ Cisco Blogs
雷峰网
雷峰网
Help Net Security
Help Net Security
The Last Watchdog
The Last Watchdog
Recent Announcements
Recent Announcements
G
Google Developers Blog
C
CERT Recently Published Vulnerability Notes
T
Troy Hunt's Blog
MyScale Blog
MyScale Blog

Business Insights Cybersecurity Blog by Bitdefender

What’s New in GravityZone July 2026 (v 6.75) Bind Link Abuse: One Windows Feature, Many Ways to Blind Your EDR Bitdefender Threat Debrief | July 2026 Trust Under Attack: How Deepfakes Are Rewriting Cybercrime Your AI SOC Won’t Catch Ransomware by Itself 2026 Cybersecurity Assessment: The Gap Between Knowing and Doing Your Last Red Team Tested the Wrong Attack MSP Strategic Defense: Why MDR Is the New Security Baseline for MSPs Technical Advisory: FortiBleed Credential Exposure Campaign Targeting Internet-Facing Fortinet Devices Bitdefender Recognized in the 2026 Gartner® Europe Context: Magic Quadrant™ for Endpoint Protection CISA Mandates Change for Structured, Prioritized Updates and Vulnerability Management Claimed Twice: Five Reasons the Same Ransomware Victim Shows Up Under Two Flags What’s New in GravityZone June 2026 (v 6.74) Bitdefender Threat Intelligence: Built for How Security Teams Work Bitdefender Threat Debrief | June 2026 Cut Complexity in Half While Reducing Risk Across Your Endpoint Environment Bitdefender Named a Visionary in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection How Leading Organizations Turn EDR Into Operational Resilience Bitdefender Supports Ferrari Through Cybersecurity Built on Trust Bitdefender at Infosecurity Europe 2026: Staying Ahead of Faster Threats Endpoint Detection & Response Is Table Stakes Security MSP Strategic Defense: Why Dual-Layer Email Security (SEG + API) Is Now Essential Bitdefender GravityZone: 100% Telemetry in AV-Comparatives 2026 EDR Test Bitdefender Threat Debrief | May 2026 Bitdefender Named an Omdia Champion: What It Means for MSPs Ready to Lead Technical Advisory: ShinyHunters Breach of Instructure Canvas LMS What’s New in GravityZone May 2026 (v 6.73) Endpoint Protection in Practice: How Customers Use Bitdefender to Reduce Risk A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W. Bitdefender at Black Hat Asia 2026: Disrupt Attacker Playbooks Introducing Extended Email Security What’s New in GravityZone April 2026 (v 6.72) What Mythos Reveals About Zero Trust’s Scope Problem Shut the Front Door on Email Attacks: How to Scale Security Services Without Increasing Workload Technical Advisory: Axios npm Supply Chain Attack - Cross-Platform RAT Deployed via Compromised Maintainer Account Your Biggest Cyber Risk Could Be What You Already Trust RSAC 2026: What to Expect from Bitdefender A Cyber Resilience Agenda: Inside the European Central Bank’s 2026–2028 Priorities AI in Cybersecurity: Is It Worth the Effort for Lean Security Teams? MSP Strategic Defense: Building Compliance on Dynamic Attack Surface Reduction Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS
Grzegorz Nocoń · 2026-04-26 · via Business Insights Cybersecurity Blog by Bitdefender

As Linux dominates cloud-native infrastructure and macOS becomes the standard for high-value targets in development and executive leadership, the attack surface is no longer Windows-centric. Modern attack playbooks weaponize Living off the Land (LOTL) binaries–pre-installed, legitimate system tools–to blend malicious activity with normal operations and bypass standard detection telemetry.

To address this attack surface, Bitdefender is extending its Proactive Hardening and Attack Surface Reduction (PHASR) technology by adding support for Linux and macOS to its existing Windows hardening capabilities within the GravityZone unified security platform.

mac-linux-image1

Prevention: The First Line of Defense

GravityZone PHASR serves as a foundational layer of your prevention strategy, utilizing an AI-powered behavioral engine to transition security from passive detection to active hardening. By continuously analyzing user and application activity, PHASR builds unique behavioral profiles for every machine-user combination. This allows you to identify and close unnecessary entry points and move beyond legacy, static rules to proactively neutralize threats at the moment of origin.

mac-linux-image2

PHASR provides consistent, granular protection across Windows, macOS, and Linux environments when deployed as a component of Bitdefender Endpoint Security Tools (BEST) within the full GravityZone stack. For organizations looking to integrate these capabilities into an existing third-party security architecture, PHASR is also available as a standalone agent for Windows and macOS.

Unlike "one-size-fits-all" security, PHASR implements a seamless and adaptive defense. It provides granular, action-level blocking that selectively restricts high-risk behaviors without disrupting the legitimate use of system tools. For example, on Linux, rather than disabling a utility like shred entirely, you can specifically restrict its capability to modify file permissions for unauthorized write access. On Windows, you can restrict PowerShell from executing encoded scripts or making external network connections while keeping its core administrative functions available.

mac-linux-image3

PHASR offers two operational modes to balance automation with administrative oversight. The first mode is Autopilot, which fully automates management of restrictions based on AI-driven behavioral insights. The second mode is Direct Control, which provides actionable recommendations for granular review and manual execution. This allows you to tailor your defense strategy across five attack vectors:

  • Living off the Land (LOTL) Binaries: Pre-installed administrative and operational tools that attackers abuse to perform malicious activities while blending into normal system telemetry
  • Tampering Tools: Utilities used to modify software applications or bypass security controls to disable defensive tools
  • Piracy Tools: Software used to bypass licensing
  • Miners: Unauthorized cryptocurrency mining tools that hijack system resources and degrade performance
  • Remote Admin Tools: Legitimate remote management utilities that attackers weaponize to gain unauthorized access or facilitate data theft

Even if a specific action or tool was blocked by an automated action or manually by you, the Request Access feature ensures business continuity. If a user requires a restricted command or tools for a legitimate task, they can simply request access.

mac-linux-image4

Once you approve the request, access is granted, and PHASR automatically updates the behavioral rules; however, the engine continues to monitor usage patterns for future changes to ensure your attack surface remains as minimal as possible.

How Does PHASR Work to Neutralize the Adversary?

To illustrate the impact of PHASR on your defense, let’s examine a practical attack scenario on a Linux system where attackers gain access by leveraging compromised credentials or unmanaged devices. This typically begins with a silent reconnaissance phase where the adversary can use nmap to map the network topology and identify high-value targets.

To ensure they can return even if their initial entry point is closed, they often abuse administrative tools like adduser to create hidden "backdoor" accounts for long-term persistence. Communication can be established through command-and-control (C2) mechanisms like dnscat2, which allows them to tunnel stolen data through standard DNS traffic to evade traditional firewalls.

To cover their tracks and evade forensic analysis, attackers can weaponize the shred utility to overwrite critical logs and forensic evidence, attempting to leave investigators without any visibility. In cloud-native Linux environments, the breach often culminates in resource monetization, where attackers deploy mining software such as cpuminer to hijack CPU resources, leading to degraded system performance and increase the operational costs.

PHASR applies restrictions, either through automated or manual actions, for each of the tools in this scenario as well as to specific actions within each tool. First of all, this reduces attacker pathways into your environment. And secondly, the PHASR restrictions force attackers to "make noise" rather than easily blend in. Even if an attacker manages to "log in," their ability to operate is limited, allowing earlier detection and remediation by security operation centers (SOC) teams like Bitdefender MDR.

Summary

Expanding PHASR across the major OS platforms enhances the prevention layer, transitioning your defensive posture from a reactive to a proactive one. It is no longer just about catching an attacker in the act, but about shrinking the attack surface. By blocking utilities such as LOTL binaries, PHASR forces adversaries to exhibit noisy behavior.

Ready to see where your organization stands? Bitdefender offers a free Internal Attack Surface Assessment to help you identify which LOTL binaries and administrative tools are currently creating risk in your environment.

For more information on PHASR and its benefits, please visit the Bitdefender GravityZone PHASR page.

If you prefer a more in-depth and technical understanding of PHASR's capabilities, visit the Bitdefender TechZone