TECH INTELLIGENCE: Something wicked this way comes

Carl Mazzanti//October 9, 2023//

Cybersecurity


We’re getting closer to Halloween, and I had a scary thought about a growing cyber threat: LOTL – or Living Off the Land – attacks. Without going into deep detail, I will note that they differ from the “traditional” malware attacks we’ve seen before. LOTL attacks are scary because they use legitimate software and functions already present on a system to perform malicious actions on it.

How bad are they? The most famous example of an LOTL attack was NotPetya, which crippled companies worldwide and was responsible for an estimated $10 billion in damages. The good news is that users who work with an experienced cybersecurity solutions provider can guard against LOTL and other attacks.

One basic step is implementing multifactor authentication, a multistep account login process that requires users to enter more information than just a password. For example, in addition to the password, a user may be prompted to enter a code sent to their email or mobile device, answer a secret question, or scan a fingerprint. This second form of authentication can help prevent unauthorized account access even if a system password is compromised.

Unfortunately, many companies have been slow to embrace defenses like MFA. On the day a new employee starts, they’ll log on to the company system and – if MFA is not enabled – potentially lay out the welcome mat for cyber criminals. Bad actors harvest new-user account directories looking for new employees who have not received training but have privileged access to a wide range of systems and data.

The employee is happy about the access because they can do their job, and the employee’s manager will say it is not their job to audit cybersecurity compliance — but from Day One the employee and their employer’s systems are exposed. The challenge keeps growing as more employees work remotely, introducing multiple locations, or endpoints, that give bad actors more opportunities.

The cybersecurity challenge has been further compounded since, in addition to company-owned devices, many organizations have instituted bring-your-own-device policies. As employees use personal phones and tablets to connect to enterprise systems, security teams struggle to manage access to endpoints, which include any device that connects to the network. Because every connection represents a possible point of access for cybercriminals, endpoint security acts as a front line of cybersecurity for an organization. An effective endpoint security solution will use a multifaceted approach to detect and minimize threats and control system access.

Unfortunately, many mobile devices do not receive updates promptly, and out-of-date devices and applications increase the likelihood of an attack. Policies should be in place and enforced to ensure that patches get applied quickly. Businesses should ensure that anti-virus, anti-malware, and firewalls are kept current. Anti-virus software last updated two months ago provides little protection against this week’s threats.

MFA, patches and endpoint security may be necessary first cybersecurity steps, but they are hardly the only ones. To deliver maximum effectiveness, businesses should take a layered approach to cybersecurity defenses. The initiative should address a spectrum of issues including and beyond MFA, such as enforcing the use of complex and unique passwords, and being automatically alerted when credentials from a business’s domain(s) are found on the Dark Web — so action can be taken before cybercriminals use them to steal money or cause other havoc. Commercially available security software packages can deliver these and other capabilities in an integrated manner that shores up a company’s cyber defenses while staying within a reasonable budget.

Carl Mazzanti is president of eMazzanti Technologies in Hoboken.