The National Security Agency, Cybersecurity and Infrastructure Security Agency, FBI and U.K. National Cyber Security Center have released joint guidance on identifying and mitigating living-off-the-land techniques, also known as LOTL.
NSA said Wednesday the guidance outlines threat detection information and best practices for mitigating LOTL activities including applying authentication controls, implementing logging for better detection of malicious activities and maintaining user and admin privilege restrictions.
The agency and its partners also urge software and technology manufacturers to audit remote access software, establish baseline behaviors and refine monitoring tools and alert mechanisms.
“Together with our partners and allies, we’re shining a light on attacks that occur in dark corners, and illustrating how the PRC behaves irresponsibly by holding civilian critical infrastructure at risk,” said Rob Joyce, NSA’s director of cybersecurity and a two-time Wash100 awardee.
