Cyber Security

Warning! Hackers Can Misuse Your Legitimate Tools

According to Kaspersky Lab, a Russian-based multinational cybersecurity and anti-virus provider, cybercriminals use software developed for regular user activity, administrative tasks, and system diagnostics. Hackers use these legitimate remote management tools to avoid getting caught quickly after carrying out their attacks. The report highlighted that attackers abused 18 different legitimate tools for malicious purposes. In this article at Security Intelligence, David Bisson explains some of the cybersecurity incidents that involve the misuse of legitimate services.

The Current Trends

Because hackers use legitimate management tools, cybersecurity personnel find it difficult to distinguish between regular user activity and malicious activity. “This difficulty gives attackers more time to access an organization’s network, discover its critical assets and target sensitive information,” explains David.

Nearly one-third (38.6%) of these malicious incidents detected by Kaspersky Lab involved cybercriminals misusing legitimate services used in executing code. The Russian security firm also revealed that PowerShell and PsExec are the most widely misused services by attackers. PowerShell is a powerful administration tool used by many organizations to gather information. On the other hand, PsExec is a console application intended to launch processes on remote endpoints.

With these tools, attackers gather information about corporate networks and then conduct lateral movement, such as changing the hardware and software settings or carrying out some malicious action.

Ways to Prevent

For many organizations, it is impossible to exclude these tools. However, properly deployed logging and monitoring systems will help detect suspicious activity in the network and complex attacks at the initial stage. Additionally, security professionals must monitor user and network behavior and correlate these observations with known threat indicators. Organizations must also restrict access to remote management tools from external IP addresses, enforce a strict password policy for all IT systems, and deploy multi-factor authentication.
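The monitoring and correlation steps above can be sketched as a small triage routine. This is an added example, not code from the article or from Kaspersky Lab; the watched tool names, internal ranges, admin allowlist, indicator list and event fields are all assumptions, and the sample events are constructed.

```python
import ipaddress

# Assumptions for this sketch: the tools to watch, the internal ranges,
# the admin allowlist and the indicator list are all site-specific.
WATCHED_TOOLS = {"powershell.exe", "psexec.exe", "psexesvc.exe"}
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]
ADMIN_ACCOUNTS = {"svc-deploy", "it-admin"}

# Constructed sample events (not real telemetry): one record per process start,
# already joined with the source address of the logon session that started it.
SAMPLE_EVENTS = [
    {"host": "ws-014", "user": "it-admin", "image": r"C:\Windows\PSEXESVC.exe", "src_ip": "10.1.4.20"},
    {"host": "ws-022", "user": "jdoe", "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "src_ip": "10.1.7.3"},
    {"host": "srv-db1", "user": "it-admin", "image": r"C:\Windows\PSEXESVC.exe", "src_ip": "203.0.113.7"},
    {"host": "ws-030", "user": "asmith", "image": r"C:\Program Files\App\app.exe", "src_ip": "203.0.113.7"},
]
SAMPLE_INDICATORS = {"203.0.113.7"}  # constructed "known threat indicator"

def is_external(ip):
    """True when the address is outside every configured internal range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)

def triage(events, indicators):
    """Return (host, reasons) for each watched-tool event that needs review."""
    findings = []
    for ev in events:
        tool = ev["image"].rsplit("\\", 1)[-1].lower()
        if tool not in WATCHED_TOOLS:
            continue  # only remote-management / admin tools are in scope
        reasons = []
        if is_external(ev["src_ip"]):
            reasons.append("tool launched from external address")
        if ev["src_ip"] in indicators:
            reasons.append("source matches threat indicator")
        if ev["user"] not in ADMIN_ACCOUNTS:
            reasons.append("account not on admin allowlist")
        if reasons:
            findings.append((ev["host"], reasons))
    return findings

if __name__ == "__main__":
    for host, reasons in triage(SAMPLE_EVENTS, SAMPLE_INDICATORS):
        print(host, "->", "; ".join(reasons))
```

Routine admin use from an internal address by an allowlisted account produces no finding, which keeps the review queue focused on the cases the paragraph above calls out.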

Knowing the biggest threats to your organization is the first step towards protecting confidential data. However, it takes a lot of hard work, expertise, and vigilance to minimize your cybersecurity risks. To read more about the misuse of legitimate services, click on


Nivedita Gopalakrishna

Nivedita Gopalakrishna is currently working as a Content Specialist with CAI. She has more than eight years of experience in blogging, copywriting, and ghost-writing. Nivedita started her career as a reporter/sub-editor in one of the reputed newspaper organizations in India. She went on to pursue her career as a content analyst in an Indian-based company, Brickwork India Pvt Ltd. Nivedita has assisted several overseas clients with SEO-friendly content for B2C copies, blogs, product descriptions, newsletters, sales letters, e-books, and research papers. When she is not at her computer, you can find her either reading vintage novels or singing Indian classical music.
