A recent analysis by Bitdefender highlights a critical shift in the landscape of cybersecurity threats: the most significant risks are no longer external malware attacks but rather the misuse of trusted administrative tools within organizations. Tools like PowerShell, WMIC, and Certutil, which are typically employed for legitimate IT administration, have become favored instruments for cybercriminals. The study suggests that organizations must scrutinize their reliance on these utilities, as their widespread use can inadvertently provide threat actors with opportunities for exploitation.

For businesses, this finding underscores the necessity of enhancing monitoring and governance over administrative activities. By observing how these tools are used over a 45-day period, organizations can better understand their real attack surface and identify potential vulnerabilities. This proactive approach not only helps in reinforcing security measures but also encourages a culture of vigilance among IT teams. As the line between trusted operations and potential threats blurs, this analysis serves as a critical reminder that cybersecurity strategies must evolve to address risks from within. That makes it imperative for organizations to integrate robust monitoring and response mechanisms into their cybersecurity frameworks.

---
*Originally reported by [The Hacker News](https://thehackernews.com/2026/05/what-45-days-of-watching-your-own-tools.html)*