Living off the Land (LotL) Attack
A Living off the Land (LotL) attack is a technique used by cyber criminals to hide their malicious activities on a victim’s computer. The attacker uses existing tools and applications on the compromised system to carry out the attack, instead of downloading and installing new malware.
This means that LotL attacks do not leave any new traceable footprints that can easily be detected by antivirus software. Instead, they use the system’s built-in utilities and applications to gain access, move laterally and exfiltrate data. For example, the attacker might use a built-in PowerShell command or script to carry out the attack instead of downloading external malware.
LotL attacks enable cyber criminals to remain undetected for longer periods of time, as they can bypass security measures that are designed to prevent malicious software from being installed on the system. They can also evade detection by security monitoring tools that only look for specific malware signatures.
Therefore, it is important to be vigilant and use multiple layers of defense to protect against such attacks, including proactive system monitoring, restricting administrative privileges, and keeping software up to date with the latest patches and updates.
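The contrast between signature matching and proactive monitoring, as an added example that is not part of the original page: a hash-signature check and a launch-context check run over the same constructed process-creation events. The event fields, the placeholder hash values and the list of document applications are assumptions made for illustration.

```python
import ntpath

# Constructed process-creation events; hash values are placeholders, not real hashes.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
EVENTS = [
    {"id": 1, "image": PS, "parent": r"C:\Windows\explorer.exe",
     "hash": "HASH-SIGNED-POWERSHELL", "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"id": 2, "image": PS, "parent": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "hash": "HASH-SIGNED-POWERSHELL",
     "cmdline": "powershell.exe -NoProfile -WindowStyle Hidden -enc <BASE64-PLACEHOLDER>"},
    {"id": 3, "image": r"C:\Users\alice\Downloads\invoice.exe", "parent": r"C:\Windows\explorer.exe",
     "hash": "HASH-KNOWN-BAD-SAMPLE", "cmdline": "invoice.exe"},
]
KNOWN_BAD_HASHES = {"HASH-KNOWN-BAD-SAMPLE"}  # stand-in for an antivirus signature set
DOCUMENT_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}  # assumed list


def has_encoded_command(cmdline):
    """True if a switch is -EncodedCommand or one of its abbreviations (-e, -ec, -enc, ...)."""
    for token in cmdline.lower().split():
        if token.startswith("-") and len(token) > 1:
            name = token[1:]
            if name == "ec" or "encodedcommand".startswith(name):
                return True
    return False


def signature_hits(events):
    """What a hash-signature check sees: only files whose hash is already known bad."""
    return [e["id"] for e in events if e["hash"] in KNOWN_BAD_HASHES]


def behaviour_hits(events):
    """Judge how the built-in tool was launched, not which file it is."""
    hits = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != "powershell.exe":
            continue
        reasons = []
        if ntpath.basename(e["parent"]).lower() in DOCUMENT_APPS:
            reasons.append("spawned by a document application")
        if has_encoded_command(e["cmdline"]):
            reasons.append("encoded command line")
        if reasons:
            hits.append((e["id"], reasons))
    return hits


if __name__ == "__main__":
    print("signature:", signature_hits(EVENTS), "behaviour:", behaviour_hits(EVENTS))
```

Events 1 and 2 carry the same hash because both are the same built-in PowerShell binary, so only the launch context separates the routine script run from the one that warrants review.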