What are Living Off The Land attacks? How to stay safe?
For a long time, we've been covering different methods by which the bad guys access your data, steal it, or take control of your network. Living Off The Land attacks are another method that lets hackers take control of your computers and other connected devices. The difference is that with Living off the Land attacks, they don't have to keep downloading files to your computer. The compromise happens once, and from then on your computer works for the hackers without you knowing, because antivirus software cannot detect such attacks.
What are Living Off The Land attacks
Living Off The Land means working with the tools already on your computer. That way, antimalware cannot detect it. In other kinds of attack, hackers send and receive a continuous stream of data to the machine they are trying to hack, but because that data comes from outside, there are methods that can identify such attacks and stop them.
In the case of Living off the Land attacks, no such traffic is required. Once the machine is compromised, the bad guys simply use the tools on your own computer to get things done in a way that nobody notices. In other words, the hackers turn your computer's own tools against you. That is what is called a Living Off The Land attack.
How do Living Off The Land attacks work
The term Land refers to the elements in your computer, both software and hardware. The hackers need not install anything additional, hence the name Living Off The Land attacks. These fall under the category of Fileless Attacks.
The first step in this method is to take over your machine by running a script. The bait usually arrives in unsolicited emails. These emails carry a document laden with one or more VB-script macros. The macro virus in the document runs on its own as soon as anyone opens the document, compromising the computer on which the email was opened. Thereafter, hackers can easily use your computer via stealthy files located in Windows Management Instrumentation (WMI) or somewhere deep in the Windows Registry. Nothing new is installed on the computer, so the antivirus cannot find anything out of order.
Most of us do not open documents unless they come from a trusted source, so a bit of social engineering is involved. The bad guys just need to convince you that the document is safe so that you open it. It may or may not contain any real content. Once the document is opened, the macro in the file runs a script that hands control of the computer to the hacker. All Living-off-the-Land work is then done remotely, using the tools already present on your computer. These are mostly system files and utilities, so they pass antimalware checks with ease, without raising any flags.
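The two hiding spots named above, WMI and the Registry, can be reviewed directly. The following PowerShell is an added example, not code from the original article; it assumes an elevated prompt and lists permanent WMI event subscriptions and Run/RunOnce autostart entries so an administrator can see what is configured to run without any new file having been installed.

```powershell
# Added example, not from the original article: review the two hiding spots
# the article names (WMI and the Registry) for anything set up to run without
# a new file being installed. Run from an elevated PowerShell prompt.
$ns = 'root\subscription'

# Permanent WMI event subscriptions: an __EventFilter (trigger) bound to a
# consumer (action). Legitimate ones are rare on an ordinary workstation, so
# every entry listed here should be explainable.
Write-Host '== WMI event filters (what triggers) =='
Get-CimInstance -Namespace $ns -ClassName __EventFilter -ErrorAction SilentlyContinue |
    Select-Object Name, Query | Format-Table -AutoSize -Wrap

Write-Host '== WMI consumers that run a command or script (what happens) =='
Get-CimInstance -Namespace $ns -ClassName CommandLineEventConsumer -ErrorAction SilentlyContinue |
    Select-Object Name, CommandLineTemplate | Format-Table -AutoSize -Wrap
Get-CimInstance -Namespace $ns -ClassName ActiveScriptEventConsumer -ErrorAction SilentlyContinue |
    Select-Object Name, ScriptingEngine, ScriptText | Format-Table -AutoSize -Wrap

Write-Host '== Bindings (which filter fires which consumer) =='
Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
    Select-Object Filter, Consumer | Format-Table -AutoSize -Wrap

# Registry autostart (Run/RunOnce) entries for the machine and the current user.
# A command that launches a script host rather than a normal program is the
# pattern the article describes: the system's own tools doing the work.
$scriptHost = 'powershell|pwsh|wscript|cscript|mshta|rundll32|regsvr32'
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
Write-Host '== Registry Run / RunOnce entries =='
$runKeys | Where-Object { Test-Path $_ } | ForEach-Object {
    $key = $_
    (Get-ItemProperty -Path $key).PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |   # drop the provider's own PS* metadata
        ForEach-Object {
            [pscustomobject]@{
                Key        = $key
                Name       = $_.Name
                Command    = [string]$_.Value
                ScriptHost = [bool]([string]$_.Value -match $scriptHost)
            }
        }
} | Format-Table -AutoSize -Wrap
```

An entry with ScriptHost set to True is not proof of compromise, but it is exactly the kind of entry worth tracing back to whoever created it.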
How to avoid Living Off The Land attacks
The best thing you can do to avoid such Living off the Land attacks is NOT TO OPEN any documents from people you don't know. If you have to open one, make sure its extension is not .dotm or .docm: a .docm file is a macro-enabled document, and .dotm is a macro-enabled template.
Sometimes hackers place an icon on your desktop instead of running macros to take over your machine. If you see a new icon on your computer desktop, don't simply click it to run it. Instead, right-click it and opt to open the folder it leads to, so you can see what the shortcut (.LNK file) actually points to. If the target is some file other than what the icon name suggests, simply delete both the icon and the target file. If in doubt about its authenticity, you can check on the Internet by searching for the target file named in the .LNK.
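The same shortcut check can be done for every icon on the Desktop in one pass. This PowerShell is an added example, not code from the original article; it assumes the current user's Desktop folder and uses the WScript.Shell COM object to read each .LNK file's real target and arguments, flagging the mismatches the text describes.

```powershell
# Added example, not from the original article: read the real target of every
# .LNK shortcut on the current user's Desktop in one pass, which is the check
# the article describes doing by hand with a right-click.
$shell   = New-Object -ComObject WScript.Shell
$desktop = [Environment]::GetFolderPath('Desktop')

# Programs that execute code rather than open a document. A shortcut whose
# name looks like a document but whose target is one of these is the
# "target other than what the icon suggests" case the article warns about.
$scriptHosts  = 'powershell\.exe$|pwsh\.exe$|cmd\.exe$|wscript\.exe$|cscript\.exe$|mshta\.exe$|rundll32\.exe$'
$documentLike = '\.(pdf|docx?|xlsx?|pptx?|txt)$'

$report = Get-ChildItem -LiteralPath $desktop -Filter *.lnk -File | ForEach-Object {
    $lnk       = $shell.CreateShortcut($_.FullName)
    $target    = [string]$lnk.TargetPath
    $arguments = [string]$lnk.Arguments
    $flags     = @()
    if ($target -match $scriptHosts) { $flags += 'script-host' }
    # BaseName of "invoice.pdf.lnk" is "invoice.pdf": looks like a document
    if ($_.BaseName -match $documentLike -and $target -notmatch $documentLike) { $flags += 'name-mismatch' }
    if ($target -and -not (Test-Path -LiteralPath $target)) { $flags += 'target-missing' }
    if ($arguments.Length -gt 100) { $flags += 'long-arguments' }
    [pscustomobject]@{
        Shortcut  = $_.Name
        Target    = $target
        Arguments = $arguments
        Flags     = ($flags -join ', ')
    }
}
$report | Format-Table -AutoSize -Wrap

# Anything flagged is worth the article's next step: look up the target file
# before deciding whether to delete the shortcut and its target.
$report | Where-Object { $_.Flags } | Format-List
```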
Summary
Living off the Land attacks are not easily found because hackers hide their files somewhere deep in the Registry or in places that antimalware software doesn't reach. You can avoid such attacks by not opening any type of attachment in emails. Do not click any new icon (.LNK file) without first safely checking its target file. Living off the Land attacks are hard to detect because normal anti-malware tools cannot recognize them as an attack.
The above explains Living Off The Land attacks and tells you how to stay safe. If you have anything to add, we'll be happy to hear from you.