Cybercriminals don’t need fancy tools or tricks to carry out their attacks. Legitimate IT tools are just as effective.
In a recent analysis of attack activity data gathered from customers, security company LightCyber found that while attackers may use malware to gain a foothold on the network, they rely on stolen credentials, standard networking and IT administration tools, remote desktop applications, and penetration testing software to move laterally across the network. If anti-malware tools miss the initial infection, the attackers’ subsequent activity is invisible to the organization.
Legitimate IT tools and features built into the operating system let attackers easily move around the network, gather necessary information, and transfer data out without triggering any alarms from security defenses focused on malware detection. Tools included Angry IP Scanner, PingInfoView, Nmap, Ping, NCrack, Mimikatz, Perl, Windows Credential Editor, Telnet, Private Shell SSH, VMware vSphere Client, TeamViewer, and WinVNC, LightCyber found.
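Because these tools are not malware, a defender has to ask who normally runs them rather than whether the binary is malicious. The sketch below is an added example, not code from LightCyber or the original article: it baselines which host and user combinations run the named tools and flags deviations. The executable names, categories, host names and events are constructed assumptions.

```python
import ntpath

# Tool names come from the report; executable names and categories are assumptions.
DUAL_USE = {
    "nmap.exe": ("Nmap", "scanner"),
    "ncrack.exe": ("NCrack", "credential"),
    "mimikatz.exe": ("Mimikatz", "credential"),
    "wce.exe": ("Windows Credential Editor", "credential"),
    "teamviewer.exe": ("TeamViewer", "remote-access"),
    "winvnc.exe": ("WinVNC", "remote-access"),
}

def tool_for(image_path):
    """Map a process image path to a (tool, category) pair, or None."""
    return DUAL_USE.get(ntpath.basename(image_path).lower())

def build_baseline(events):
    """Collect the (host, user, tool) combinations seen during normal operations."""
    hits = ((ev, tool_for(ev["image"])) for ev in events)
    return {(ev["host"], ev["user"], hit[0]) for ev, hit in hits if hit}

def find_deviations(baseline, events):
    """Alert on credential tools always, and on other tools when new for the host/user."""
    alerts = []
    for ev in events:
        hit = tool_for(ev["image"])
        if not hit:
            continue
        tool, category = hit
        if category == "credential":
            alerts.append((ev["host"], ev["user"], tool, "credential tool"))
        elif (ev["host"], ev["user"], tool) not in baseline:
            alerts.append((ev["host"], ev["user"], tool, "new for host/user"))
    return alerts

# Constructed process-creation events (not real telemetry).
BASELINE_EVENTS = [
    {"host": "ADMIN-01", "user": "netops", "image": r"C:\Tools\Nmap\nmap.exe"},
    {"host": "HELPDESK-02", "user": "support", "image": r"C:\TeamViewer\TeamViewer.exe"},
]
NEW_EVENTS = [
    {"host": "ADMIN-01", "user": "netops", "image": r"C:\Tools\Nmap\nmap.exe"},
    {"host": "FIN-WS-17", "user": "jdoe", "image": r"C:\Users\jdoe\Temp\nmap.exe"},
    {"host": "FIN-WS-17", "user": "jdoe", "image": r"C:\Users\jdoe\Downloads\winvnc.exe"},
    {"host": "ADMIN-01", "user": "netops", "image": r"C:\Tools\mimikatz.exe"},
    {"host": "FIN-WS-17", "user": "jdoe", "image": r"C:\Windows\System32\notepad.exe"},
]

print(find_deviations(build_baseline(BASELINE_EVENTS), NEW_EVENTS))
```

Matching on file name alone is defeated by renaming the binary, so a production rule would also key on file hash or signer metadata from the endpoint telemetry.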