Hackers are abusing Microsoft tools more than ever before




  • The rise in LOLbins used in attacks this year has been significant
  • Most common ones used include RDP, PowerShell, cmd.exe, and net.exe
  • Sophos has shared mitigation tips for anyone affected

The rise in the abuse of Microsoft’s LOLbins (Living Off the Land binaries) in the first half of 2024 has been nothing short of alarming, a new report from Sophos has claimed.

The Sophos 2024 Active Adversary Report, which analyzes cases handled by its Incident Response (IR) and Managed Detection and Response (MDR) teams, says that in H1 of this year, hackers used 187 LOLbins in their attacks, a 51% increase compared to 2023. In 2021, the team observed exactly 100 LOLbins used.



Source link

Leave a Reply

Your email address will not be published. Required fields are marked *