
What is the “Living off the Land” (LotL) Attack Tactic in Cybersecurity?

by Vinu Joseph

@noonerhack

Platform Engineer: AWS Cloud, Security, Cost Optimizations, Compliance

January 8th, 2022





Picture a mouse that enters a house when the door is left open.


It makes its way into the attic where it stays put in some inaccessible location. Every night once the residents of the home sleep, the mouse comes out to get its ration for the day.


The mouse revels in its newfound invincibility and literally feasts on all the resources it can find. This goes on for weeks (or, in the worst cases, months) before the owners of the house sense something unusual happening inside the house and take corrective action.


The mouse would be eliminated one way or another, but only after considerable damage is done.


This is a ‘cute’ tale that can be used to explain the “Living off the Land” (LOTL) attack tactic in cybersecurity.


Here, threat actors gain illegitimate access to an information system. The administrators of the system have no clue about the break-in. The intruders use tools, resources, or anything else useful on the system to gain further access to sensitive data and assets.


They comprehensively go through the system to steal any useful information available on it. Generally, no malware is installed on the system, which makes the malicious activity harder to detect.


This goes on for weeks or, in the worst cases, months before it is detected by the host organization. By then, all valuable and sensitive data has been stolen and used for nefarious purposes.


How do we prevent LOTL Attacks?


Here are some techniques:


  • “Limit chances of illicit access to the network. Think Two-Factor Authentication.

  • Zero Trust security implementations.

  • Well-designed firewalls and security groups.

  • Effective policy on password rotation and expiration.

  • Monitoring of keys and certificates.

  • Keep security software and operating systems up to date.

  • Set session time-outs.”


(Source)


Question to Cybersecurity Experts:


What are other ways of limiting LOTL attacks? Your expert strategies are much anticipated! Share your opinion via this writing prompt.


Until next time.

- VJ

