
Identifying and Mitigating Living Off the Land Techniques

Release Date: 02/08/2024
Organization: ASD's ACSC
Content Type: Guidance
Solution Provider Neutrality: Neutral
This joint guidance for network defenders focuses on how to mitigate gaps and how to detect and hunt for living off the land (LOTL) activity. The information in this guide is derived from a previously published joint advisory; incident response engagements undertaken by several of the authoring agencies; red team assessments by several of the authoring agencies that used LOTL for undetected, persistent access; and collaborative efforts with industry.

The authoring agencies have observed cyber threat actors, including the People’s Republic of China (PRC) and Russian Federation state-sponsored actors, leveraging LOTL techniques to compromise and maintain persistent access to critical infrastructure organizations. The authoring agencies are releasing this joint guide for network defenders (including threat hunters) as the malicious use of LOTL techniques is increasingly emerging in the broader cyber threat environment.

Cyber threat actors leveraging LOTL abuse the legitimate native tools and processes already present on the systems they target. They use LOTL across multiple IT environments, including on-premises, cloud, hybrid, Windows, Linux, and macOS environments. LOTL lets cyber threat actors conduct their operations discreetly, because the activity blends in with typical system and network behavior and can circumvent basic endpoint security capabilities. This is where a Zero Trust strategy can help.
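Because LOTL activity blends in with normal use of native tools, the detection approach the guide's summary points at is to compare what a native tool is doing now against a baseline of what it normally does. The following is an added example, written for this page and not taken from the guide or from CSA, that applies two defender-side heuristics to constructed Windows process-creation events: a watchlist of native binaries paired with an unusual parent process, and a per-user frequency baseline so that a native tool a user has never run before stands out. The event schema (`user`, `image`, `parent` fields in JSON lines), the watchlists, and all sample events are assumptions constructed for the example.

```python
"""Added example (not from the ASD/CISA guide): an offline detection pass over
constructed Windows process-creation events that flags likely living-off-the-land
(LOTL) activity using a native-tool watchlist plus a per-user baseline."""
import json
from collections import Counter

# Native Windows binaries frequently seen in LOTL activity.
# Watchlist is illustrative, not exhaustive.
NATIVE_TOOLS = {"powershell.exe", "certutil.exe", "wmic.exe", "mshta.exe",
                "rundll32.exe", "regsvr32.exe", "bitsadmin.exe", "cmd.exe"}

# Parent processes that rarely have a legitimate reason to launch the tools above
# (assumed list; tune to the environment).
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "acrord32.exe"}

# Constructed sample data: one JSON event per line.
# BASELINE_EVENTS is the known-good history; NEW_EVENTS is the window under review.
BASELINE_EVENTS = """
{"user": "alice", "image": "cmd.exe", "parent": "explorer.exe"}
{"user": "alice", "image": "powershell.exe", "parent": "explorer.exe"}
{"user": "alice", "image": "powershell.exe", "parent": "explorer.exe"}
{"user": "bob", "image": "notepad.exe", "parent": "explorer.exe"}
{"user": "svc_backup", "image": "wmic.exe", "parent": "services.exe"}
"""

NEW_EVENTS = """
{"user": "alice", "image": "powershell.exe", "parent": "explorer.exe"}
{"user": "bob", "image": "powershell.exe", "parent": "winword.exe"}
{"user": "bob", "image": "certutil.exe", "parent": "cmd.exe"}
{"user": "alice", "image": "notepad.exe", "parent": "explorer.exe"}
{"user": "svc_backup", "image": "wmic.exe", "parent": "services.exe"}
"""


def parse_events(text):
    """Parse newline-delimited JSON into dicts, lower-casing names for matching."""
    events = []
    for line in text.strip().splitlines():
        ev = json.loads(line)
        ev["image"] = ev["image"].lower()
        ev["parent"] = ev["parent"].lower()
        events.append(ev)
    return events


def build_baseline(events):
    """Count how often each (user, image) pair appears in the known-good history."""
    counts = Counter()
    for ev in events:
        counts[(ev["user"], ev["image"])] += 1
    return counts


def detect_lotl(new_events, baseline):
    """Return (user, image, parent, reason) tuples for events that look like LOTL.

    Non-native images are ignored; a native tool is flagged if its parent is on the
    unusual-parent list, or if this user has never run it during the baseline window.
    """
    findings = []
    for ev in new_events:
        if ev["image"] not in NATIVE_TOOLS:
            continue
        if ev["parent"] in UNUSUAL_PARENTS:
            findings.append((ev["user"], ev["image"], ev["parent"],
                             "native tool spawned by unusual parent"))
        elif baseline[(ev["user"], ev["image"])] == 0:
            findings.append((ev["user"], ev["image"], ev["parent"],
                             "native tool never seen for this user in baseline"))
    return findings


def run_example():
    """Build the baseline from the constructed history and review the new window."""
    baseline = build_baseline(parse_events(BASELINE_EVENTS))
    return detect_lotl(parse_events(NEW_EVENTS), baseline)


if __name__ == "__main__":
    for finding in run_example():
        print(finding)
```

On the constructed data this yields two findings: `powershell.exe` launched from `winword.exe`, and `certutil.exe` run by a user who had no history of using it. The routine PowerShell use by `alice` and the scheduled `wmic.exe` use by the backup service account match the baseline and are not flagged, which is the point of baselining: the same native tool is benign or suspicious depending on who runs it and from where.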
