Familiar Tools as a Security Risk

A recent analysis by Bitdefender reveals that the greatest security threat to companies does not come from malware, but from the familiar tools that IT teams use daily. The study covers a period of 45 days during which the use of PowerShell, WMIC, netsh, Certutil, and MSBuild was observed. These tools, employed for administrative tasks, are also the preferred means of modern threat actors. The study highlights that many companies focus on securing their networks while neglecting the risks posed by their own administrative tools. These tools can penetrate deep into systems and can be exploited by attackers to steal data or compromise systems.

The analysis shows that the use of these tools has increased in recent years, expanding the attack surface for cybercriminals. Bitdefender points out that most attacks do not occur through sophisticated malware but rather through the exploitation of existing trust relationships within the IT infrastructure. Researchers emphasize that attackers often do not need new tools but rely on those already present in the system. This makes it particularly challenging for companies to detect and neutralize potential threats. The analysis also indicates that many companies lack the necessary security policies to prevent the misuse of these tools.

Often, employees are not adequately trained to recognize the risks associated with using these familiar applications. This allows attackers to operate relatively unhindered by posing as trusted users. Another aspect of the investigation is the need to increase visibility and control over the use of these tools. Companies should be able to monitor their employees' activities and quickly identify suspicious behaviors. The implementation of security solutions specifically aimed at monitoring and analyzing administrative tools is deemed crucial.

The study emphasizes that training employees regarding cybersecurity and the risks posed by familiar tools is of utmost importance. Companies should offer regular training to raise awareness of potential threats and empower employees to make security-conscious decisions. This could significantly reduce the likelihood of a successful attack. Additionally, it is recommended to regularly review and adjust access rights to administrative tools. Only authorized users should have access to critical systems and applications.

Strict control of permissions can help minimize the risk of misuse by insiders or external attackers. The results of Bitdefender's analysis underscore the need for a proactive approach to IT security. Companies must rethink their security strategies and ensure they are prepared not only for external threats but also for internal risks. The use of technologies for threat detection and response specifically targeting the use of administrative tools is considered essential. The study was published on May 17, 2026, and provides valuable insights into the current challenges of cybersecurity. Bitdefender urges companies to revise their security practices and focus on the risks posed by the tools they use daily.