Rising Threats From Trusted Tools

Attacks don’t just come from outside anymore. Hackers now turn trusted admin tools—PowerShell, WMIC, and others—into covert channels for lateral movement. These utilities, meant for system management, have become secret passageways inside organizations, bypassing traditional defenses. The threat has shifted from external malware to misuse of internal tools. Bitdefender’s Internal Attack Surface Assessment tackles this by monitoring real user interactions with these tools over 45 days. It spots where permissions are too broad or abused. This isn’t guesswork; it’s grounded in actual behavior. The result: a clearer view of hidden vulnerabilities and a chance to tighten controls without disrupting business.

Bitdefender’s 45-Day Internal Assessment

Bitdefender’s new Internal Attack Surface Assessment runs a 45-day monitoring program to track how trusted admin tools are used inside an organization. It collects detailed telemetry on tools like PowerShell and WMIC—frequent targets for attackers seeking lateral access. By the end, it delivers a report highlighting where permissions exceed what’s necessary or where legitimate activity overlaps with risky patterns. The goal is to help organizations reduce excessive privileges without halting workflows. Unlike blunt permission cuts, this approach is surgical and practical. The 45-day window captures a representative sample of activity across business cycles but remains brief enough to act quickly. This aligns with Gartner’s forecast that continuous, dynamic attack surface reduction will become standard by 2030. For IT and security teams, it offers a rare, actionable glimpse into internal risk.

Why Internal Attack Surfaces Matter

Internal attack surfaces include all legitimate tools, accounts, and permissions that employees and systems use inside a network. These elements are trusted by design, but that trust can be weaponized. Attackers hijack admin tools like PowerShell and WMIC to move laterally, escalate privileges, and stay hidden. The problem is that internal attack surfaces are vast and constantly shifting. Users need broad access to do their jobs, but too many permissions create blind spots. Traditional security focuses on blocking external threats, often overlooking these internal pathways. That gap makes internal attack surfaces a prime target for advanced attackers. Bitdefender’s assessment addresses this by observing actual user behavior over 45 days. It reveals which tools are used and how, highlighting unnecessary privileges that can be safely trimmed. This fits with a growing emphasis on reducing attack surfaces from within, not just defending the perimeter.

Targeting Internal Risks to Limit Damage

Misuse of trusted admin tools is reshaping internal security. Attackers blend in with normal activity, making perimeter defenses less reliable. Bitdefender’s 45-day assessment reveals how these tools are used day-to-day inside organizations. This detailed visibility lets security teams identify where permissions are excessive or workflows expose weak spots. The key is balancing risk reduction with operational continuity. Instead of blunt restrictions that disrupt business, companies can make targeted changes based on real data. For IT leaders, this means reducing lateral movement risks without slowing users down. It echoes Gartner’s view that dynamic attack surface management will be standard by 2030. As attackers weaponize trusted tools, internal controls become a critical frontline. Bitdefender’s approach offers a quiet but effective way to shrink internal attack surfaces as threats grow harder to detect.