How Threat Actors Turn Legitimate Tools into Weapons

https://www.infosecurity-magazine.com/blogs/how-threat-actors-turn-legit-tools/

Publish Date: 2026-03-18 04:59:33

Source Domain: www.infosecurity-magazine.com

Summary of Article

Shakespeare’s Macbeth may be centuries old, but the deceptive strategies Lady Macbeth espouses in its opening act resonate powerfully in today’s cyber battleground. In line with her advice to “look like the innocent flower, but be the serpent under it,” modern cybercriminals disguise their malign intentions behind familiar tools trusted within organizations. Attackers now use “Living-off-the-Land” (LotL) tactics, exploiting that trust by abusing tools already in everyday use, with recent studies showing that 84% of severe cyber-attacks now utilize legitimate, existing applications. Cyberattacks are growing more complex and difficult to detect as hackers hijack trusted tools such as Microsoft Office macros and PowerShell, which employees use for seemingly legitimate purposes but which are repurposed to execute malicious activities. Although over 60% of cybersecurity leaders recognize the need to shrink their attack surface, the challenge lies in balancing productivity and security. Advanced solutions like Bitdefender’s GravityZone PHASR employ behavioral analytics to proactively harden and reduce the attack surface by identifying and restricting unnecessary tools, thus optimizing both productivity and security.

Key Points:

  • Modern cyberattacks frequently exploit legitimate tools using “Living-off-the-Land” (LotL) techniques.
  • An analysis showed that 84% of severe cyber-attacks now use legitimate applications already present in environments.
  • Sophisticated attackers employ common, trusted tools such as Office macros and PowerShell to circumvent traditional security measures.
  • Bitdefender’s GravityZone PHASR uses machine-learning-based behavioral learning for proactive hardening and precise attack surface reduction.
  • Proactive hardening helps to avoid uniform, easily detectable security measures, which attackers often exploit.