Microsoft tool exploits rise sharply in first half of 2024, report shows

In the first half of 2024, the use of Microsoft tools by attackers increased by 51% compared to 2023, according to Sophos. Researchers identified 187 unique Microsoft Living Off the Land Binaries (LOLbins) in 190 cyber incidents. Remote desktop protocol (RDP) was the most commonly abused tool, appearing in nearly 89% of cases. Other frequently used tools included cmd.exe, PowerShell, and net.exe, with abuse rates of 76%, 71%, and 58%, respectively. The report also noted a 12% rise in the use of third-party artifacts by attackers, increasing from 205 to 230. These artifacts include tools like mimikatz and Cobalt Strike, which are used illegitimately on targeted systems.