Expert Comment: NCSC CNI warning of threat actors ‘living off the land’
February 2024 by Sylvain Cortes, VP Strategy at Hackuity
GCHQ’s NCSC and partners have issued a warning about state-sponsored cyber attackers hiding on critical infrastructure networks.
New joint advisory and guidance reveal state-sponsored actors are among attackers using ‘living off the land’ techniques to persist on critical infrastructure networks.
UK critical infrastructure operators urged to follow advice to help detect and mitigate malicious activity.
Sylvain Cortes, VP Strategy, Hackuity comments:
“Critical national infrastructure (CNI) remains a priority target for attackers, but the ‘living off the land’ (LOTL) technique, which the NCSC’s latest joint advisory warns of, seems to be on the rise – attackers can move around a network in a similar way to legitimate users.
This type of attack poses a significant threat to UK CNI. The attackers’ aim is simple: to cause maximum disruption whilst flying under the radar of detection.
I strongly advise organisations to apply the defense principles laid out in the latest guidance by the NCSC to target any malicious activity found on their networks, which suggests protection best practices, such as detailed logging of all activity and machine learning automation to review the logs for anomalies.
Prevention is always better than cure, so having vulnerability management in place will help teams identify their specific weaknesses and accelerate targeted remediation, and greatly reduce the chances of an unwelcome visitor lurking in the shadows of their network.”