What are "living off the land" attacks?

And how can you defend against them?

"Indirect attacks against weak links in the supply chain now account for 40 percent of security breaches," according to Accenture Security's State of Cybersecurity Report 2020. Companies across sectors have been shoring up their cybersecurity defenses with technologies such as firewalls, endpoint protection, and Network Detection and Response, but one area remains overlooked: Securing the supply chain.

While the objectives of supply chain attacks differ, the tools, tactics, and procedures are usually no different from those of traditional cyber attacks. Understanding the most common attacks, however, will allow you to plan and prepare your response.

One common tactic is called a "living off the land" attack (a fileless malware attack). This tactic has recently become more popular. It can best be described as gaining additional access using the tools that already exist in the computing environment. This makes detection and reconstruction of the compromise timeline increasingly difficult. Systems that are often targeted are IT/help desk tools, system patching infrastructure, security vulnerability scanners, and “system accounts” with global administrative permissions. Once the attacker has compromised these environments, they often have the access required to compromise the targeted systems and/or data undetected.

How to defend against a fileless malware attack

Stopping these kinds of attacks requires an application safe list, logging, and behavioral detection, such as IronNet's Network Detection and Response solution IronDefense. Common techniques are well documented at https://lolbas-project.github.io/ and https://attack.mitre.org.
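The sketch below is an added example, not IronNet's code or product logic. It shows why a safe list alone misses living-off-the-land activity and how a per-account behavioral baseline over process-creation logs closes the gap. The log format, host names, account names, agent binaries, and safe list are all constructed assumptions.

```python
from collections import defaultdict

# Assumed watch list of built-in Windows tools; the LOLBAS project catalogues many more.
BUILTIN_TOOLS = {"certutil.exe", "powershell.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe"}
# Hypothetical safe list. Matching on file name only keeps the example short;
# production safe lists pin publisher, hash, or full path.
SAFE_LIST = {"patchagent.exe", "desktool.exe", "msiexec.exe", "powershell.exe", "certutil.exe"}

# Constructed process-creation logs, one event per line: host|account|parent|image
BASELINE_LOG = r"""
patch01|svc_patch|C:\Program Files\PatchAgent\patchagent.exe|C:\Windows\System32\msiexec.exe
patch01|svc_patch|C:\Program Files\PatchAgent\patchagent.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
help01|svc_helpdesk|C:\Program Files\DeskTool\desktool.exe|C:\Windows\System32\msiexec.exe
"""
LIVE_LOG = r"""
patch01|svc_patch|C:\Program Files\PatchAgent\patchagent.exe|C:\Windows\System32\msiexec.exe
patch01|svc_patch|C:\Program Files\PatchAgent\patchagent.exe|C:\Windows\System32\certutil.exe
help01|svc_helpdesk|C:\Program Files\DeskTool\desktool.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
help01|svc_helpdesk|C:\Program Files\DeskTool\desktool.exe|C:\Users\Public\updater.exe
"""

def parse(log):
    """Yield (host, account, parent_name, image_name) with lower-cased file names."""
    for line in log.strip().splitlines():
        host, account, parent, image = line.split("|")
        name = lambda p: p.rsplit("\\", 1)[-1].lower()
        yield host, account.lower(), name(parent), name(image)

def build_baseline(log):
    """Record which (parent, image) pairs each privileged account normally produces."""
    seen = defaultdict(set)
    for _host, account, parent, image in parse(log):
        seen[account].add((parent, image))
    return seen

def detect(log, baseline):
    """Return alerts for safe-list violations and for approved tools used in a new way."""
    alerts = []
    for host, account, parent, image in parse(log):
        if image not in SAFE_LIST:
            rule = "not-on-safe-list"
        elif image in BUILTIN_TOOLS and (parent, image) not in baseline.get(account, set()):
            rule = "new-builtin-tool-for-account"  # approved binary, unfamiliar behavior
        else:
            continue
        alerts.append((rule, host, account, parent, image))
    return alerts

if __name__ == "__main__":
    for alert in detect(LIVE_LOG, build_baseline(BASELINE_LOG)):
        print(*alert, sep="\t")
```

Two of the three alerts involve binaries that the safe list approves; only the logged baseline for each system account reveals that the patching and help desk agents have started launching tools they never launched before.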

Discover how to strengthen supply chain security in IronNet's latest white paper.

 
