RSS VentureBeat

Your IT stack is the enemy: How 84% of attacks evade detection by turning trusted tools against you

A financial services firm is under a living-off-the-land (LOTL) attack, a malware-free intrusion that leverages existing system tools. These attacks, which often use valid credentials and legitimate utilities, are increasingly common and hard to detect. Attackers exploit tools like PowerShell and WMI to blend in with normal system activity, evading traditional security measures. Organizations must understand that their own tools are now part of the attackers' arsenal. LOTL tactics account for the majority of modern cyber intrusions, with attackers often exfiltrating data within the first hour. A key challenge is that these attacks can go unnoticed for extended periods, potentially causing significant financial losses. Experts advise focusing on understanding an organization's attack surface and establishing a baseline for normal activity. Strategies like zero trust, microsegmentation, and proactive monitoring of system tool usage are vital. Companies must adopt a new mindset, emphasizing vigilance, continuous verification, and regular threat testing. The affected financial firm eventually recovered, highlighting the importance of a new approach to cybersecurity.
venturebeat.com