Dive Brief:
- The FBI, Cybersecurity and Infrastructure Security Agency — along with international partners led by Australia — advised network defenders to adopt event logging policies. Event logs are critical to help organizations defend against the rising use of living-off-the-land techniques designed to conceal threat activity using ordinary security tools, the agencies said Wednesday.
- The group of more than a dozen agencies released a guide on event logging and threat detection practices that can pinpoint a growing number of sophisticated attacks via privately-owned routers or other tools threat groups use to launch attacks that cannot be detected by normal endpoint protection.
- Living-off-the-land techniques have been employed by sophisticated state-linked hackers like Volt Typhoon and ransomware groups like Medusa to mask their presence inside network computing environments and move undetected for long periods of time.
Dive Insight:
The guide’s release comes more than a year after the U.S. State Department and other federal agencies were hacked by a China-linked threat group that targeted Microsoft Exchange Online customers.
Federal officials with access to their own logs notified Microsoft of the attacks. Microsoft was widely criticized at the time because it charged customers additional fees to access their own logs.
Microsoft later changed its policy to provide more customers with free access to event logs.
Volt Typhoon, a separate China-linked threat group, has been abusing privately owned routers and exploiting other tools to embed itself inside the networks of various critical infrastructure providers.
A comprehensive event logging strategy can help security teams track threat activity used by sophisticated criminal groups, including Medusa. The threat group has attacked hundreds of industrial targets in recent years.
“The importance of robust event logging and monitoring practices when dealing with LoTL abuse is paramount given the nature of the attack vector,” Alex Capraro, cyber intelligence analyst at Reliaquest. “The new guide released by CISA, FBI, and the Australian Signals Directorate is a timely and essential resource for organizations aiming to strengthen their defenses against such advanced tactics.”
Comments
Post a Comment