ACCORDING to The Hacker News, threat actors are shifting from payloads to what’s already inside your environment, with 84% of high‑severity incidents now described as abusing legitimate tools to evade detection. They exploit built‑in utilities such as PowerShell, WMIC and Certutil, blending their actions with normal operations so investigators struggle to tell legitimate use from malicious activity.
The piece also notes that threat actors are “Living off the Land” and that LOTL attacks are facilitated by a Windows 11 baseline that includes hundreds of native binaries that can be abused. It warns that up to 95% of access to risky tools is unnecessary, creating multiple potential attack paths when permissions are overly broad or unmanaged. Detection alone isn’t enough, as modern, AI‑assisted attacks move faster than security teams can respond, forcing a shift from reactive to proactive defence.
The article promotes Bitdefender’s complimentary Internal Attack Surface Assessment to map exposed tools and prioritise risk, offering visibility into how trusted tools may be used against you.