Re: YouTube vid from about 2013? "Living off the land" DerbyCon
"Looks like someone's not checking what's running on their critical servers very often."
Or maybe they are checking and don't know how to distinguish between legit code and malware.
Or maybe the malware has hidden itself, given sufficiently privileged access.
Quite a few possibilities.
What's obviously not possible is people (including those at AV companies) looking at running critical parts of the business on an OS that has a bit more solidity than a sieve. Not possible this year anyway. And given the DerbyCon reference was 2013, and Stuxnet was 2010, [and ...], maybe some people don't *want* to think about it. Ever.
Have a lot of fun.