What are Living Off the Land (LoL) Attacks?
In recent years, Living off the Land Binaries and Scripts (LoLBas) have become increasingly popular tools for cybercriminals. These types of attacks leverage native, signed, and often pre-installed applications in malicious ways that their creators never intended. Exploiting trusted tools and applications makes it easier for attackers to remain undetected in systems—as these tools are preinstalled on the operating system and can be utilized to bypass security controls such as application whitelisting and traditional anti-virus—making LoL attacks extremely appealing to hackers.
Carbon Black + LoL Attacks
At Carbon Black, we understand the impact LoLBin-based attacks can have on a company—and we’re constantly working to ensure that your systems are protected. By staying up to date on the latest attack trends, we are able to improve our capabilities, allowing you to worry less and focus on what matters.
Recently, we published a blog on three LoL binaries attackers use for Initial Access, Execution and Defense Evasion.
In this blog post we will focus on a few different areas of the MITRE ATT&CK™ framework and discuss some techniques we see being used after an attacker has gained Initial Access to a system. In addition to the Defense Evasion and Execution tactics we covered in the last post, this post will also include Privilege Escalation, Command and Control, and Exfiltration.
Carbon Black has developed an approach to detection and prevention that can help stop these and other types of attacks as they appear—whether they’ve been seen before or not. Our teams conduct behavioral threat research to discover novel behavioral patterns used by attackers. These patterns stretch across the entire scope of the kill chain, transcending any individual attack and allowing us to provide protection against a broad set of threats without relying on specific pre-discovered IOCs. With Carbon Black, you can rest easy knowing that you’re protected from the attacks we’ve highlighted and more.
For more details on LoL binaries and scripts, check out the whitepaper written by Carbon Black’s Threat Analysis Unit (TAU).
Carbon Black’s managed alert triaging team, CB ThreatSight, recently investigated a series of ongoing PowerShell attacks leveraging several whitelisting bypasses and weaponized open-source pentesting tools.
The post How Carbon Black is Prioritizing Living Off the Land Attacks Part 2 appeared first on Carbon Black.