Detecting Stealth and Living Off the Land Techniques Sooner, with ThreatWise

Learn how advanced stealth techniques like Living Off the Land (LOL) pose a unique risk to data security and how Commvault's ThreatWise? offers next-generation detection capabilities.

Cyberthreats have proved to be a perpetual game of cat and mouse. Security teams, on one hand, aim to stay one step ahead, leveling up defenses to uncover and ward off new forms of cyber threats. At the same time, bad actors are constantly evolving to employ new techniques that exploit vulnerabilities and outmaneuver even the most sophisticated of security stacks. And stealth is the name of the game… New forms of attack, including Living Off the Land techniques, are stealthy and once again upping the ante and challenging business’ ability to detect threats – before data is compromised.

Constant Innovation Fuels Cyberthreats

For security teams, they already have their work cut out. From the cloud to the data center, data lives in more places than ever before – and it all needs protecting. That’s a lot of ground to cover, and one weak link introduces risk and potential avenues for attackers to exploit. If that wasn’t challenging enough, cyberthreats also don’t exactly sit still. They’re constantly innovating with new tools and techniques that silently bypass security tooling and compromise systems, applications, and environments. Take for instance Locker malware, which was particularly popular in the late 2000s. Locker disrupted computer access by injecting malicious code to lock users out. Access was only regained when victims paid a ransom. Antivirus tools eventually caught up and Locker became too bulky and slow for a good success rate of attacks. Threat actors recognized this and flipped the script, favoring a new form of stealth technique that was quieter, faster, and could bypass recently improved antivirus technology – file encryption.

Advanced, Silent Techniques Threaten Data

Today, cyberthreats once again look different. Silent attacks, which can remain hidden in systems for extended periods of time, pose a unique risk to businesses. Take Living Off the Land techniques that leverage signed binaries (LOLBins), scripts (LOLScripts), and libraries for example. This method, recently deployed by the Volt Typhoon hacking group, is particularly novel and hard to decipher. It doesn’t use conventional malware files but leverages conventional utilities, executables, and repositories to execute its attack. Traditional security tools based on signatures and traffic analysis cannot detect stealth techniques such as LOLBins used by the Volt Typhoon group, as legitimate tools/information camouflage malicious activity to blend in and bypass even the most advanced security defenses. Once more, bad actors have moved the goal posts, leveraging new, stealthy schemas that go undetected and compromise data unbeknownst to their victims.

New Threats Require New Thinking

As advanced stealth and persistent techniques become mainstream, defending data from these attacks must also be reimagined to keep pace. Just as bad actors can cloak themselves when employing stealth techniques, defending data against these threats can also employ similar tactics. The use of modern cyber deception can alter the playing field, introducing highly effective decoys masked as real resources and assets, in turn, exposing threats lurking (or in this case, disguised and legitimate utilities) in your network. ThreatWise?, Commvault’s patented early warning system, offers next-generation detection capabilities to surface zero-day and unknown cyberthreats – including recent LOLBins methods. Using look-a-like authentic decoys, ThreatWise? actively defends data by obfuscating the attack surface, tricking bad actors into engaging with false resources during recon, discovery, and lateral movement. This eliminates blindspots by exposing internal and external threat actors that silently breach perimeter defenses, alerting stakeholders before its time to recover and joining IT and Security Teams for more effective incident response.

For more information on ThreatWise?, please visit http://www.lankewang.com.cn/platform/products/threatwise

More related posts

No posts founds