**BlackBasta’s Motto Rings True: 84% of Major Cyberattacks Use Living-Off-the-Land Tools**

“We never drop tools. We use yours.” This ominous mantra from the BlackBasta ransomware group is no empty threat. A new analysis by Bitdefender, covering over 700,000 cyber incidents, has confirmed that 84% of major cyberattacks now leverage *Living-Off-the-Land Binaries and Scripts* (LOLBins) — trusted system tools already present on victims’ machines.

Instead of deploying obvious malware that can trigger alarms, attackers exploit native Windows utilities like **netsh.exe**, **powershell.exe**, and **wmic.exe** to move laterally, exfiltrate data, disable security, or establish persistence. This stealthy approach allows them to operate under the radar, evading traditional antivirus and EDR solutions.

The rise of LOLBin abuse marks a significant shift in attacker tactics. Organizations must now look beyond signature-based detection and focus on behavioral analysis, application whitelisting, and restricting access to critical system utilities to defend against these silent intrusions. As the line between legitimate and malicious tool use blurs, proactive threat hunting becomes more essential than ever.

CheckDot is SAFU