Review: When attackers also use admin tools
What can be learned from the case studies of the Playbook 2021 in which companies are victims of cyber attacks? In a series of articles, Sophos experts travel back into the future and devote themselves to various specific aspects of IT security in order to derive recommendations that can be implemented by everyone. As described in the Sophos Active Adversary Playbook 2021, attackers like to use tools used by IT administrators and security professionals to make it harder to detect suspicious actions. Many of these tools are recognized by security products as "Potentially Unwanted Applications", PUA for short (or RiskWare or RiskTool), are ...