What is the “Living off the Land”(LotL) Attack Tactic in Cybersecurity?

Picture a mouse that enters a house when the door is left open.

It makes its way into the attic where it stays put in some inaccessible location. Every night once the residents of the home sleep, the mouse comes out to get its ration for the day.

The mouse revels in its newfound invincibility and literally feasts on all the resources it can find. This goes on for weeks (or in worst cases months) before the owners of the house sense something unusual happening inside the house and take corrective action.

The mouse would be eliminated one way or another but after considerable damage is done.

This is a ‘cute’ tale that can be used to explain “Living off the Land”(LOTL) attack tactic in Cybersecurity.

Here, threat actors gain illegitimate access to an information system. The administrators of the system have no clue about the break-in. The illegal entrants use tools, resources, or anything useful on the system, to gain further access to sensitive data/assets.

They comprehensively go through the system to steal any useful information available on it. Generally, no malware is installed on the system, hence it is harder to detect malevolent activities.

This goes on for weeks or in worst cases months, before it is detected by the host organization. By then all valuable & sensitive data are stolen and used for nefarious purposes.