Carl Mazzanti is the president of eMazzanti Technologies in Hoboken.
We’re getting closer to Halloween, and I had a scary thought about the growing Cyber Threat: LOTL (Living Off the Land) attacks. Without getting too much into the deep detail, I will note that they are different from the “traditional” malware attacks we’ve seen before: LOTL attacks are scary because they use legitimate software and functions already in a system to perform malicious actions on it.
Living Off the Land Attacks
How bad are they? The most famous example of an LOTL attack was NotPetya, which crippled companies worldwide and was responsible for an estimated $10 billion in damages. The thing is, users who work with an experienced Cyber Security Solutions provider can guard against LOTL (and other) attacks.
How to Safeguard Against Cyber Threat
One basic step is implementing Multi-Factor Authentication (MFA), a multi-step account login process that requires users to enter more information than just a password. For example, in addition to the password, a user may be prompted to enter a code sent to their email or mobile device, answer a secret question, or scan a fingerprint. This second form of authentication can help prevent unauthorized account access even if a system password is compromised.
Unfortunately, many companies have been slow to embrace defenses like MFA. On the day a new employee starts, they’ll log on to the company system and, if MFA is not enabled, potentially lay out the welcome mat for Cyber Criminals. Bad actors harvest new-user account directories looking for new employees who have not received Cyber Security training but have privileged access to a wide range of systems and data. The employee is happy because they can do their job, and the employee’s manager will say it is not their job to audit Cyber Security compliance. The result is that, from Day One, the employee and their employer’s systems are exposed. It is an exponentially growing challenge as more employees work remotely, introducing multiple locations or endpoints that increase opportunities for bad actors.
The challenge has been further compounded since, in addition to company-owned devices, many organizations have instituted bring-your-own-device policies. As employees use personal phones and tablets to connect to enterprise systems, security teams struggle to manage access to endpoints, which include any device that connects to the network. Every connection represents a possible point of access for cybercriminals, so endpoint security acts as a front line of cyber security for an organization. An effective endpoint security solution will use a multi-faceted approach to detect and minimize threats and control system access.
Because many mobile devices do not receive updates promptly, out-of-date devices and applications increase the likelihood of an attack. Policies should be in place and enforced to ensure that patches get applied quickly. Businesses should ensure that anti-virus, anti-malware, and firewalls are kept current. An anti-virus last updated two months ago provides little protection from this week’s threats.
MFA, patches, and endpoint security may be necessary first Cyber Security steps, but they are hardly the only ones. To deliver maximum effectiveness, businesses should take a layered approach to Cyber Security defenses. The initiative should address a spectrum of issues including and beyond MFA, such as enforcing the use of complex and unique passwords and being automatically alerted when credentials from a business’ domain(s) are found on the Dark Web, so action can be taken before Cyber Criminals use them to steal money or cause other havoc. Commercially available software security packages can deliver these and other capabilities in an integrated manner that can shore up a company’s Cyber defenses while staying within a reasonable budget.