| This draft may meet Wikipedia's criteria for speedy deletion as a copyright infringement(Copyvios report). This criterion applies only in unequivocal cases, where there is no free-content material on the page worth saving and no later edits requiring attribution – for more complicated situations, see Wikipedia:Copyright violations. See CSD G12.
If this draft does not meet the criteria for speedy deletion, or you intend to fix it, please remove this notice, but do not remove this notice from pages that you have created yourself. If you created this page and you disagree with the given reason for deletion, you can click the button below and leave a message explaining why you believe it should not be deleted. You can also visit the talk page to check if you have received a response to your message. Note that this draft may be deleted at any time if it unquestionably meets the speedy deletion criteria, or if an explanation posted to the talk page is found to be insufficient. Note to administrators: this page has content on its talk page which should be checked before deletion. Note to administrators: If declining the request due to not meeting the criteria please consider whether there are still copyright problems with the page and if so, see these instructions for cleanup, or list it at Wikipedia:Copyright problems. Please be sure that the source of the alleged copyright violation is not itself a Wikipedia mirror. Also, ensure the submitter of this page has been notified about our copyright policy.Administrators: check links, talk, history (last), and logs before deletion. Consider checking Google. This page was last edited by Bonadea (contribs | logs) at 13:59, 14 September 2024 (UTC) (5 seconds ago) |
 | Regarding the copyright violation, see my AfC comment from 11:46 UTC, below. --bonadea contributions talk 13:59, 14 September 2024 (UTC) |
Submission declined on 14 September 2024 by Bonadea (talk).
Where to get help
How to improve a draft
You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Editor resources
|  |
| Submission declined on 9 September 2024 by S0091 (talk). This submission is not suitable for Wikipedia. Please read "What Wikipedia is not" for more information. Declined by S0091 4 days ago. | |
| Submission declined on 9 September 2024 by Utopes (talk). This submission does not appear to be written in the formal tone expected of an encyclopedia article. Entries should be written from a neutral point of view, and should refer to a range of independent, reliable, published sources. Please rewrite your submission in a more encyclopedic format. Please make sure to avoid peacock terms that promote the subject. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. Declined by Utopes 5 days ago. | |
| Submission declined on 8 September 2024 by Utopes (talk). This submission does not appear to be written in the formal tone expected of an encyclopedia article. Entries should be written from a neutral point of view, and should refer to a range of independent, reliable, published sources. Please rewrite your submission in a more encyclopedic format. Please make sure to avoid peacock terms that promote the subject. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. Declined by Utopes 5 days ago. | |
| Submission declined on 7 September 2024 by Theroadislong (talk). This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are: Declined by Theroadislong 6 days ago.
| |
Comment: A patchwork of minimal paraphrasing from the sources. In addition to the copyvio/plagiarism problem, it also creates some rather awkward wording such as "This in turn makes it quite confusing for the defenders on the network to segregate between an authentic user’s activity and the same user engaging in a malicious activity", cf the source's phrasing "this makes it difficult for network defenders to discern legitimate behavior from malicious behavior [...]" (page 2 in the source) bonadea contributions talk 11:46, 14 September 2024 (UTC)
- Comment: This crosses between WP:NOTHOWTO and WP:NOTESSAY. In addition, most of the sources are not reliable (blogs, WP:FORBESCON, commercial sites, conference proceedings, etc.). If resubmitted without substantial improvement with both the content and sourcing, the draft may be rejected meaning it will not longer be considered. S0091 (talk) 21:56, 9 September 2024 (UTC)
- Comment: Still contains WP:NPOV and tone issues, with some brand new questionable sentences. "By combining these approaches, organizations can strengthen their defense against LOTL attacks and reduce the likelihood of undetected system compromises.", which independent, reliable source asserts this? Utopes (talk / cont) 06:34, 9 September 2024 (UTC)
- Comment: This currently reads like a "PSA announcement" on avoiding "living off the land" attacks, when it should be written like an encyclopedia article and fully described like so. The sourcing is also insufficient, which independent reliable source states that: "These actions taken together enhance the overall capability of the organization to defend and to recover from LOTL threats."? Utopes (talk / cont) 21:25, 8 September 2024 (UTC)
Living-Off-the-Land (LOTL) refers to a fileless malware cyberattack technique whereby the threat actors utilize the available system tools and built-in system features to compromise the networks while remaining undetected [1]. Unlike traditional types of cyber assaults with a malware infection, in this case, the attacker does not import external malware into the systems [2]. Instead, cybercriminals use the inbuilt utilities and administrative options available making it hard even for the traditional security features to pick them out.
Attack tools
editSeveral legitimate system utilities are commonly employed in LOTL attacks, and these tools, which are integral to operating system functionality or administrative processes, can be misused to execute malicious actions. Some of the most frequently exploited software include [1]:
Detection and prevention techniques
edit | This article contains instructions, advice, or how-to content. |
Advanced monitoring techniques, such as behavior analysis and machine learning are used to identify unusual system activity that may indicate an ongoing LOTL attack[3]
Several strategies for prevention include:
- Implement Process Detection Rules: Apply detection rules to identify suspicious processes such as PowerShell and Command Prompt triggered by Microsoft Office applications.[2]
- Leverage Advanced Tools: Engage in endpoint monitoring and conduct behavioral analytics to respond to suspicious acts.[3]
- Use User & Entity Behavioral Analytics: Build or acquire automation (such as machine learning models) to continually review all logs to compare current activities against established behavioral baselines and alert on specified anomalies.[2]
- Centralized Monitoring and Detection: Establish a central platform to collect, analyze and monitor logs for both static and behavioral anomalies.[1]
Challenges in Detecting LOTL Attacks
editImplementing proper security and network management has continued to vex organizations several reasons such as lack of established baselines, thus making it difficult to identify malicious Living-Off-the-Land (LOTL) activities [3]. This in turn makes it quite confusing for the defenders on the network to segregate between an authentic user’s activity and the same user engaging in a malicious activity. Hence, doing behavioral profiling, anomaly investigations, and active hunting for threats becomes problematic.
Furthermore, there is a general scarcity of traditional indicators of compromise (IOCs) linked to LOTL activities.[3]. This lack of conventional IOCs complicates the efforts of security teams to identify, track, and categorize malicious behavior, leaving organizations more vulnerable to attacks. By using LOTL techniques, cyber threat actors can exploit legitimate tools and processes already present in the network, avoiding the need to invest resources in creating and deploying custom malware or tools, thereby increasing the stealth and effectiveness of their operations [2]
References
edit- ^ a b c "Broadcom Inc. | Connecting Everything". docs.broadcom.com. Retrieved 2024-09-12.
- ^ a b c d Sudhakar; Kumar, Sushil (2020-01-14). "An emerging threat Fileless malware: a survey and research challenges". Cybersecurity. 3 (1): 1. doi:10.1186/s42400-019-0043-x. ISSN 2523-3246.
- ^ a b c d "Identifying and Mitigating Living Off the Land Techniques | CISA". www.cisa.gov. 2024-02-07. Retrieved 2024-09-09.
cvtocv-cleanedin the {{AfC submission}} call.