What is the “Living off the Land” (LotL) Attack Tactic in Cybersecurity?

Written by noonerhack | Published 2022/01/08
Tech Story Tags: cybersecurity | cyber-threats | cyberattacks | zero-trust | trends-in-cybersecurity | cybercriminals | cybersecurity-tips | security


Picture a mouse that enters a house when the door is left open.

It makes its way into the attic where it stays put in some inaccessible location. Every night once the residents of the home sleep, the mouse comes out to get its ration for the day.

The mouse revels in its newfound invincibility and literally feasts on all the resources it can find. This goes on for weeks (or in worst cases months) before the owners of the house sense something unusual happening inside the house and take corrective action.

The mouse would be eliminated one way or another but after considerable damage is done.

This ‘cute’ tale can be used to explain the “Living off the Land” (LotL) attack tactic in cybersecurity.

Here, threat actors gain illegitimate access to an information system, and the administrators of the system have no idea a break-in has occurred. The intruders use the legitimate tools, resources, and anything else already present on the system to gain further access to sensitive data and assets.

They comprehensively comb through the system for any useful information stored on it. Generally, no malware is installed on the system, so malicious activity is much harder to detect: every action is carried out with software the organization itself trusts.

This goes on for weeks, or in the worst cases months, before the host organization detects it. By then, valuable and sensitive data have already been stolen and put to nefarious use.
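Because no malware is dropped, the practical signal for a defender is a trusted, built-in tool running in a context where it normally does not (an unusual parent process or user, or the middle of the night, like the mouse). The following small detection is an added illustration, not code from the original post; the process-creation log lines, the dual-use tool list and the quiet-hours window are constructed assumptions.

```python
import csv
from datetime import datetime
from io import StringIO

# Signed, built-in administration tools that LotL intrusions reuse instead of
# dropping malware. The list is an assumption for this example, not from the post.
DUAL_USE = {"powershell.exe", "cmd.exe", "wscript.exe", "certutil.exe",
            "bitsadmin.exe", "rundll32.exe", "wmic.exe", "net.exe"}

# Constructed sample of process-creation events from a known-good learning window.
BASELINE_LOG = """\
time,user,parent,image
2022-01-03T09:12:00,admin,explorer.exe,powershell.exe
2022-01-03T09:40:00,admin,cmd.exe,net.exe
2022-01-04T10:05:00,alice,explorer.exe,winword.exe
"""
# Constructed sample of events from the period being reviewed.
NEW_LOG = """\
time,user,parent,image
2022-01-07T11:02:00,admin,explorer.exe,powershell.exe
2022-01-07T02:14:00,alice,winword.exe,powershell.exe
2022-01-07T02:16:00,alice,powershell.exe,certutil.exe
2022-01-07T03:30:00,admin,cmd.exe,net.exe
2022-01-07T14:30:00,alice,explorer.exe,winword.exe
"""

def parse(log):
    """Turn the CSV text into a list of event dicts keyed by the header row."""
    return list(csv.DictReader(StringIO(log)))

def learn_baseline(events):
    """Record which (user, parent, image) triples were seen during normal operation."""
    return {(e["user"], e["parent"], e["image"]) for e in events}

def detect(events, baseline, quiet_hours=(0, 6)):
    """Flag dual-use tools run in an unseen context, or in a known context but during
    quiet hours. Returns a list of (reason, event) pairs in log order."""
    alerts = []
    for e in events:
        if e["image"] not in DUAL_USE:
            continue
        key = (e["user"], e["parent"], e["image"])
        hour = datetime.fromisoformat(e["time"]).hour
        if key not in baseline:
            alerts.append(("new user/parent/tool combination", e))
        elif quiet_hours[0] <= hour < quiet_hours[1]:
            alerts.append(("dual-use tool during quiet hours", e))
    return alerts
```

Running `detect(parse(NEW_LOG), learn_baseline(parse(BASELINE_LOG)))` on the constructed data raises three alerts: two unseen tool chains under the alice account and one routine admin command at 03:30.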

How do we prevent LOTL Attacks?

Here are some techniques:

  • “Limit chances of illicit access to the network. Think Two-Factor Authentication.

  • Zero Trust security implementations.

  • Well-designed firewalls and security groups.

  • Effective policy on password rotation and expiration.

  • Monitoring of keys and certificates.

  • Keep security software and operating systems up to date.

  • Set session time-outs.”

(Source)

Question to Cybersecurity Experts:

What are other ways of limiting LOTL attacks? Your expert strategies are much anticipated! Share your opinion via this writing prompt.

Until next time.

- VJ


Written by noonerhack | Platform Engineer: AWS Cloud, Security, Cost Optimizations, Compliance
Published by HackerNoon on 2022/01/08