The rise of ‘living-off-the-land’ in cybercrime : Cybersec Europe

Article 17 January 2024

The rise of ‘living-off-the-land’ in cybercrime

In the world of cybercrime, so-called “living-off-the-land” tactics are gaining in popularity. This involves criminals abusing legitimate applications. This makes their activity difficult to detect.

It is the famous and emerging ransomware group Medusa that is famous for its “living-off-the-land” techniques. Medusa saw the light sometime in late 2022. A notorious ransomware-as-a-service collective, it quickly climbed the ranks of the cybercriminal underworld, mainly by creating victims among Windows users.

In living-off-the-land attacks, criminals use existing programmes (such as password managers) on victims’ devices to carry out attacks, rather than having external malicious software installed. Not only is this type of attack much harder to detect. It often allows cybercriminals to dwell on their victims’ devices undetected for months.

On the other hand, it is also difficult to take action against it, as you may just disrupt the functioning of those legitimate applications. Living-off-the-land (lotl) in itself is not new, but especially in the past year it has received a lot of attention. The term itself refers to the phenomenon where you have to survive with what you can get your hands on in nature.

Lotl attacks in particular also use legitimate tools like PowerShell or WMI (Windows Management Instrumentation) and thus leave little or no trace. To counter LotL attacks, cybersecurity professionals often use behavioural analysis-based solutions. The technology then detects anomalous programme and user activity: actions that may indicate an attack in progress.

Extortion

It is Unit 42, the research arm of Palo Alto Network, among others, that sees the living-off-the-land trend emerging. And in parallel, a strong professionalisation of the ransomware group Medusa. In 2023, these cybercriminals made 74 victims, most of them in the US and Europe. The hacker collective also recently launched a new blog on the dark web, where victims are pressured to tack and pay up. Medusa has also launched a Telegram channel where confidential files from the companies are publicly shared with followers.

On the hacker group’s website, you can read the victim’s name, price, time remaining and number of visitors. For a hefty sum, they can delay the payment deadline, for example, or have their data removed from the website. The latter costs an average of $10,000.

This extortion technique is not uncommon either, according to Unit 42 researchers. More so: it is increasingly used to increase the pressure on affected companies.

Source: Computable.be

The rise of ‘living-off-the-land’ in cybercrime

Extortion

Also interesting

Attackers are working around the clock. Can your cybersecurity partner cover it all?

Read the newest edition of Cybersec e-Magazine!

David Devogele, Prodata Systems: “So make sure not to miss your pit stop at Prodata Systems!”

Cybersec Europe 2024 grows: more than ever the central cybersecurity expo

How to turn cybersecurity into a success story for your company

Navigating Cybersecurity Challenges: Insights from Bjørn Watne

Ai implementation: not just for tech giants, also for manufacturing industry

Implement NIS2 Practically!

These Are The Five Protagonists In Your Film About Cybercrime

Cyber and data security has become pure necessity

Get ready for Cybersec Asia 2024 on January 31 to February 1

Computable and Cybersec looking for security innovations

Get Ready for the Computable Awards at Cybersec Europe 2024

Jaarbeurs komt met Travel & Tech-event

Physical infiltration tests neglected

Nine parties dominate endpoint security market

Security in 2023: the year the Las Vegas casino didn’t win

Here’s how to arm yourself against cyber hacking via ‘short’ links

It’s the Season for Cyber Threats: Unraveling the Surge in Holiday Cyber Attacks

Security predictions (5) for 2024

ESET provides dns filtering to KPN customers

Serge Christiaans: “We will never be freed from cybercriminals”

Watch Cybersec Europe 2023 recordings on demand

Upcoming: Cybersec Netherlands organized in collaboration with Computable

Levi Nietvelt (Beltug):”With corona came increased homeworking, extending the attack surface”

Anne-Pierre Guignard (Rapid7): “We will host two speaking sessions this year”

Herman Clicq (Easi): “Our ambitions in the cybersecurity space are skyrocketing”

Free career companion tool dedicated to Cybersec Europe 2023 attendees

Steer your cybersecurity career

Jorij Abraham (GASA), Alejandro Fernández-Cernuda (GCA) and Zoriana Dmytryshyna (APWG) about their keynotes and panel

Wouter Vandenbussche (Proximus):”Cybersec Europe lets us connect with the different stakeholders in the cybersecurity space in Belgium”

2023 Solvay Lifelong Learning Alumni Event – the Women4Cyber scholarship announcements

Saskia Brugman (Women4Cyber):”The Foundation works to help raise the voices of women”

Arnold Bijlsma (Jamf): “It provides attendees an opportunity to gain first-hand experience with advancements in security and management solutions”

Guy Verstraeten (SPIE): “security is a team sport, sharing and learning is something we support”

Meet the best of the best at Heroes Stage on day two of Cybersec Europe 2023

Cédric Van Loon (ITdaily):”People often are the weakest link in the security chain”

These are the exhibitors at Cybersec Europe 2023

Cathy Suykens (Cyber Security Coalition):”The digitization of businesses has rendered it easier to steal intellectual property”

Tom Mechelmans (Westcon-Comstor): “Cybersec Europe offers a valuable platform for visitors to learn, share and network with experts”

Keynote speaker Ksenia Iliuk tells you about lessons from Ukraine’s war against disinformation

5 Reasons to visit Cybersec Europe 2024

‘Most Valuable Hacker’ and keynote speaker Inti De Ceukelaire: “The most basic assumptions are wrong”

Joris Derden (Lenovo): “The ICT sector as such must also respond to the changing trends”

Keynote speaker and AI expert Nina Schick: “We’re about to enter a new era of machine-powered intelligence”

Nico Sienaert (Microsoft): “Cybersec Europe is an excellent event for us to showcase our solutions and to connect with customers, partners and students”

Cybersec Europe is back on April 19 & 20: Register now for free

Free parking in Antwerp due to cyber attack: Damage amounts to tens of millions

Orange Cyberdefense research: Manufacturing and public sector are extremely vulnerable to cybercrime

Cyber attacks threaten to become uninsurable

These are the first 50 exhibitors at Cybersec Europe 2023

ChatGPT produces malicious emails and code

FutureLab becomes the innovation center at Cybersec Europe

Marc Vael (SAI.BE): “Without a proper cybersecurity program, an organization can’t defend itself”

Women4Cyber and Cybersec Europe join forces: “Need for gender balance is evident”

Keynote speaker Emmanuel Kessler (Europol) will tell you how to protect citizens and companies against cyber threats

Cyber threats are taking serious shape, ‘policymakers and businesses urgently need new strategy’

Cyber Security Coalition and Cybersec Europe partner up: “Knowledge sharing is essential in cyber security”

Wim De Vilder moderator of Cybersec Europe 2022

Don’t give your ad budget to cybercriminals

Keynote speaker and hacking expert Tobias Schroedel shows the future of hacking at Cybersec Europe

Beltug and Cybersec Europe join forces: “Inspire and increase awareness about cyber security”

Manufacturing sector is the most popular target of cyber attacks

Keynote speaker Mikko Hypponen (F-Secure) will take you behind the enemy lines at Cybersec Europe

Israel hit by possibly ‘biggest cyber attack ever’, several government sites offline

Does cyber security fall under CEO, CISO or IT?

Ransomware is evolving into an as-a-service model

Belgian Army gets its own Cyber Commando

How you choose the right mssp for your cyber security