Cybercriminals are using legitimate tools to carry out attacks

Hackers are forgoing complex malware tools and are instead commandeering legitimate credentials to launch network attacks, according to research by LightCyber.


The security company found that attackers do use malicious software to gain access to a network. However, once they are in, they switch to stolen credentials, standard networking and IT administration tools, remote desktop applications and penetration testing software to gather the data they desire. If the initial malware attack goes undetected, activity initiated using valid credentials is then invisible to the organisation.

The report said legitimate operating system tools do more than give hackers easy access to networks: they also allow them to look for specific details and transfer data in and out without triggering malware defences.

LightCyber explained: "Web browsers and other 'good' apps, in the hands of malicious insiders and external attackers, can become weapons to carry out costly attacks."


The study found that popular tools include Angry IP Scanner, PingInfoView, Nmap, Ping, NCrack, Mimikatz, Perl, Windows Credential Editor, Telnet, Private Shell SSH, VMware vSphere Client, TeamViewer, and WinVNC.

The report also said that the average time to detect a breach is 146 days. It added that to combat this, businesses should focus not just on malware detection, but also on usage patterns from normal IT tools.
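The usage-pattern monitoring recommended above can be sketched as follows. This is an added example, not code from the LightCyber report: it learns which of the named tools each user normally runs on each host, then flags new pairings. The executable names, the event format, the sample events and the seven-day baseline are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed executable names for some of the tools named in the study.
WATCHED = {
    "nmap.exe": "Nmap", "ncrack.exe": "NCrack", "mimikatz.exe": "Mimikatz",
    "telnet.exe": "Telnet", "teamviewer.exe": "TeamViewer",
    "winvnc.exe": "WinVNC", "perl.exe": "Perl", "ping.exe": "Ping",
}

# Constructed process-creation events: (day, host, user, image name).
EVENTS = [
    (1, "ws-014", "alice", "ping.exe"),
    (2, "adm-01", "itops", "nmap.exe"),
    (3, "adm-01", "itops", "TeamViewer.exe"),
    (5, "ws-014", "alice", "ping.exe"),
    (9, "ws-014", "alice", "nmap.exe"),        # never run by alice before
    (9, "ws-014", "alice", "mimikatz.exe"),    # never run by alice before
    (10, "adm-01", "itops", "nmap.exe"),       # matches itops' baseline
    (10, "ws-022", "itops", "TeamViewer.exe"), # known tool, new host
]

def find_unusual_tool_use(events, baseline_days=7):
    """Flag watched tools run by a (user, host) pair that did not run
    them during the baseline window. Valid credentials do not matter
    here: the signal is the change in behaviour, not a malware match."""
    seen = defaultdict(set)   # (user, host) -> tools observed so far
    alerts = []
    for day, host, user, image in sorted(events):
        tool = WATCHED.get(image.lower())
        if tool is None:
            continue          # not one of the watched tools
        key = (user, host)
        if day <= baseline_days:
            seen[key].add(tool)            # learning phase
        elif tool not in seen[key]:
            alerts.append((day, host, user, tool))
            seen[key].add(tool)            # alert once per new pairing
    return alerts

if __name__ == "__main__":
    for day, host, user, tool in find_unusual_tool_use(EVENTS):
        print(f"day {day}: {user} ran {tool} on {host} (not in baseline)")
```

The administrator's routine Nmap scan from the usual admin host raises nothing, while the same scanner started under an ordinary user's account, or a remote desktop tool appearing on a host where that account never used it, is reported.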

Jason Matlof, executive vice-president of LightCyber, said: "Despite these increasingly well understood realities, our industry still has an unshakable obsession with malware."
