Antimalware tools and techniques security pros need right now
Hackers are reportedly using little or no actual malware to infiltrate their victims' networks, yet much of traditional enterprise security software relies on detecting malicious code. What security controls should enterprises use to detect and defend against these "living off the land" malware-free attacks?
"Living off the land" is when an attacker uses the tools and credentials that already exist on a system to breach the network instead of using malware, hence the term "malware-free" attack. It's important that the credentials or tools used to infiltrate an environment are already in existence on the system; installing new tools or creating new root and administrator accounts could bring attention from security administrators and prompt an investigation, thus putting the attack at higher risk of being detected. The attacker will use legitimate system management tools, either built into the operating system or part of an existing third-party system management tool, to access the systems. One of the other security controls attackers frequently bypass is single-factor username/password authentication. The attacker either captures the credential or uses a hash of the credential to then access other systems.
Dell SecureWorks issued a media alert about more attackers "living off the land" to bring more attention to how enterprises need to protect themselves. Detecting and defending against these types of malware-free attacks requires more than just using traditional antimalware tools and firewalls. The company's recommendations are basic cybersecurity hygiene, but can still be difficult to perform at large scale. Potentially the easiest security control to adopt is Dell SecureWorks' first recommendation: implementing two-factor authentication. This can drastically reduce an attacker's capability to compromise credentials for use in a malware-free attack. A harder security control that can also detect these and many other types of attacks is monitoring the endpoint for network and host-based activities. Monitoring the endpoint devices will help security teams detect any suspicious behavior, such as a spike in file downloads, that may indicate a user's credentials have been compromised.
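The file-download spike mentioned above can be checked per user against that user's own history. The following is an added example, not code from Dell SecureWorks or the original article; the log format, field names and thresholds (`k`, `min_history`, `floor`) are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Assumed log format: "<ISO timestamp> user=<name> action=<verb> host=<name>"
LINE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})T\S+ user=(\S+) action=(\S+)")

def daily_download_counts(lines):
    """Return {user: {day: count}} for file_download events only."""
    counts = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m and m.group(3) == "file_download":
            counts[m.group(2)][m.group(1)] += 1
    return counts

def find_spikes(lines, k=5.0, min_history=3, floor=20):
    """Flag (user, day, count, baseline) when a day's downloads exceed both an
    absolute floor and median + k*MAD of that user's earlier active days.
    Days with zero downloads never appear in the log and are not in the baseline."""
    alerts = []
    for user, per_day in daily_download_counts(lines).items():
        days = sorted(per_day)
        for i, day in enumerate(days):
            history = [per_day[d] for d in days[:i]]
            if len(history) < min_history:
                continue  # not enough history to judge this user yet
            base = median(history)
            # Median absolute deviation; fall back to 1 for perfectly flat history
            mad = median(abs(h - base) for h in history) or 1
            if per_day[day] >= floor and per_day[day] > base + k * mad:
                alerts.append((user, day, per_day[day], base))
    return alerts

def sample_lines():
    """Constructed sample log lines (hypothetical users and host, not real data)."""
    per_user = {"alice": [4, 5, 3, 6, 4, 48], "bob": [10, 12, 9, 11, 10, 12]}
    lines = []
    for user, counts in per_user.items():
        for d, n in enumerate(counts, start=1):
            day = f"2024-03-{d:02d}"
            lines.append(f"{day}T08:55:00Z user={user} action=logon host=fs01")
            lines += [f"{day}T09:00:{i:02d}Z user={user} action=file_download host=fs01"
                      for i in range(n)]
    return lines

if __name__ == "__main__":
    for user, day, count, base in find_spikes(sample_lines()):
        print(f"ALERT {user} {day}: {count} downloads (baseline median {base})")
```

Because the baseline is per user, an account that normally downloads heavily is not flagged for steady volume, while a quiet account that suddenly pulls many files is.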