What is a Living off the Land Attack | Definition and Meaning

Last modified on Sunday, October 8, 2023

1 minute read

Defining Living off the Land Attack

A Living off the Land Attack (LotL Attack) employs legitimate system software called binaries, scripts, and libraries for malicious purposes. Living off the land attacks are made possible through the known and unknown interactions between thousands of preinstalled binaries, scripts, and libraries. Many AV technologies were unable to detect this sort of attack in 2021, this is due to several reasons, because they're employing legitimate code and it can therefore be difficult to differentiate between the binary being used for its intended purpose, and code being used maliciously. Another reason is that they live in-memory, leaving no attack footprint on the hard drive. Some attacks may exist as a hybrid, reducing their attack surface by employing lolbins, lolscripts, and lollibs, but which may not be completely fileless. Detection is difficult, and blocking the malware can be difficult due to a high false positive rate.

See also:

Living off the Land Attack Synonyms:

  • LotL Attack

Share this article

Stellastra The Cyber Security Comparison Platform

© 2023 Stellastra Ltd. All rights reserved. All names, logos, trademarks, etc belong to their respective owners. No endorsement or partnership is necessarily implied between company and Stellastra and vice versa. Information is provided for convenience only and may not always be accurate. For the most up to date information, contact vendor directly. Scores including email security, SPF, and DMARC are calculated based on certain metrics and other analyses may return different results.



About StellastraContact usCyber Security Risk ScoreEmail Deliverability ToolStellastra Discover

Stay up to date