Understanding the Threat of ‘Living Off the Land’ Computer Attacks
What are ‘Living Off the Land’ Attacks?
‘Living Off the Land’ (LOTL) attacks are a type of cyber threat that uses built-in tools and processes within an operating system or software to execute malicious activities. Unlike traditional malware, which relies on external code to cause harm, LOTL attacks leverage the existing functionality of a system to carry out their objectives.
Characteristics of LOTL Attacks
LOTL attacks often exhibit the following characteristics:
– Cybersecurity threats can be unpredictable and difficult to detect (https://who.int/news-room/fact-sheets/detail/cybersecurity)
– Utilization of built-in tools and processes, such as PowerShell, Windows Management Instrumentation (WMI), and Windows Script Host (WSH)
– Manipulation of system files and registry entries to create a hidden backdoor
– Use of legitimate system processes to disguise malicious activity
– Ability to evade traditional security software and detection methods
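Because the tools in this list are legitimate, the binary name alone is not a signal; the parent process and the command line are. The sketch below is an added example, not code from the original article: it triages process-creation events for the tools named above. The field names follow Sysmon Event ID 1, and the rule set, parent list and sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Built-in tools the article names: PowerShell, WMI (wmic.exe) and WSH.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
LOTL_TOOLS = {"powershell.exe", "wmic.exe"} | SCRIPT_HOSTS
# Assumption: document-handling applications rarely need to start these tools.
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe"}

# Assumed heuristics: (tools the rule applies to, reason, command-line pattern).
CMDLINE_RULES = [
    ({"powershell.exe"}, "encoded command", re.compile(r"\s-(e|ec|enc\w*)\s", re.I)),
    ({"powershell.exe"}, "hidden window", re.compile(r"\s-w\w*\s+hidden\b", re.I)),
    ({"wmic.exe"}, "process creation through WMI", re.compile(r"process\s+call\s+create", re.I)),
    (SCRIPT_HOSTS, "script in user-writable path", re.compile(r"\\(temp|appdata|downloads)\\", re.I)),
]

def triage(event):
    """Return the reasons a process-creation event deserves analyst review."""
    image = ntpath.basename(event["Image"]).lower()
    if image not in LOTL_TOOLS:
        return []  # not one of the built-in tools covered here
    reasons = []
    parent = ntpath.basename(event["ParentImage"]).lower()
    if parent in UNUSUAL_PARENTS:
        reasons.append(f"{image} started by {parent}")
    for tools, reason, pattern in CMDLINE_RULES:
        if image in tools and pattern.search(event["CommandLine"]):
            reasons.append(reason)
    return reasons

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1"},
    {"Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "powershell.exe -w hidden -enc <BASE64_PLACEHOLDER>"},
    {"Image": r"C:\Windows\System32\wscript.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"wscript.exe C:\Users\alice\AppData\Local\Temp\update.js"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ntpath.basename(ev["Image"]), "->", triage(ev) or "no finding")
```

The first event uses PowerShell for routine administration and produces no finding, which is the baseline any rule of this kind has to preserve.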
How to Spot LOTL Attacks
Identifying LOTL attacks can be challenging due to their use of legitimate system tools and processes. However,
