#LivingOffTheLand

NSA Issues Tips for Better Logging, Threat Detection in LotL Incidents

August 22, 2024 by Xynik

August 22, 2024 at 04:32PM The NSA and international partners released a document outlining best practices for event logging and threat detection against threat actors using living-off-the-land techniques. It emphasizes improving security in cloud services, enterprise networks, and critical infrastructure, and highlights centralized log access, secure storage, and detection strategies for relevant threats. Directed at … Read more

TellYouthePass Ransomware Group Exploits Critical PHP Flaw

June 12, 2024 by Xynik

June 12, 2024 at 11:50AM TellYouThePass, a ransomware group, is targeting businesses and individuals using open source Web development languages, exploiting a critical PHP vulnerability (CVE-2024-4577) for remote code execution. This allows them to execute arbitrary code on vulnerable servers, posing significant risks. They also use various attack techniques and exploit known vulnerabilities such as … Read more

To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware

April 30, 2024 by Xynik

April 30, 2024 at 01:37PM Industrial cyber attackers are increasingly utilizing USB devices to breach operational technology (OT) networks, employing old malware and vulnerabilities. USBs enable attackers to cross air gaps that separate OT and IT networks, making them an effective threat vector. Defenses against these threats include strict USB policies, scanning stations, and file … Read more

Redesigning the Network to Fend Off Living-Off-the-Land Tactics

February 23, 2024 by Xynik

February 23, 2024 at 02:25PM Attackers are increasingly using legitimate tools, making it challenging for enterprise defenders to detect and defend against attacks. Rethinking network architecture is essential, with a focus on strong access controls, privileged behavior monitoring, and cloud security technologies. Organizations should prioritize telemetry sources and take a proactive approach to detect living … Read more

CISA and FBI Issue Warning About Rhysida Ransomware Double Extortion Attacks

November 16, 2023 by Xynik

November 16, 2023 at 08:12AM The U.S. Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and MS-ISAC have issued an advisory about the Rhysida ransomware. The threat actors behind Rhysida use a ransomware-as-a-service model and target organizations in various sectors. They exploit VPNs, the Zerologon vulnerability, and phishing campaigns to gain access to networks. Rhysida … Read more