Draft:Living-off-the-Land attack
Submission declined on 18 September 2024 by 1AmNobody24 (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources.
This draft has been resubmitted and is currently awaiting re-review.
Submission declined on 15 September 2024 by Bonadea (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources. Still a patchwork of close paraphrasing, more and more awkwardly written. Still no sign of independent notability. Declined by Bonadea 5 days ago.
Submission declined on 14 September 2024 by Bonadea (talk). Wikipedia cannot accept material copied from elsewhere, unless it explicitly and verifiably has been released to the world under a suitably free and compatible copyright license or into the public domain and is written in an acceptable tone. This includes material that you own the copyright to. You should attribute the content of a draft to outside sources, using citations, but copying and pasting or closely paraphrasing sources is not acceptable. The entire draft should be written using your own words and structure. Declined by Bonadea 6 days ago. This submission has now been cleaned of the above-noted copyright violation and its history redacted by an administrator to remove the infringement. If re-submitted (and subsequent additions do not reintroduce copyright problems), the content may be assessed on other grounds.
Submission declined on 9 September 2024 by S0091 (talk). This submission is not suitable for Wikipedia. Please read "What Wikipedia is not" for more information. Declined by S0091 11 days ago.
Submission declined on 9 September 2024 by Utopes (talk). This submission does not appear to be written in the formal tone expected of an encyclopedia article. Entries should be written from a neutral point of view, and should refer to a range of independent, reliable, published sources. Please rewrite your submission in a more encyclopedic format. Please make sure to avoid peacock terms that promote the subject. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. Declined by Utopes 12 days ago.
Submission declined on 8 September 2024 by Utopes (talk). This submission does not appear to be written in the formal tone expected of an encyclopedia article. Entries should be written from a neutral point of view, and should refer to a range of independent, reliable, published sources. Please rewrite your submission in a more encyclopedic format. Please make sure to avoid peacock terms that promote the subject. This submission reads more like an essay than an encyclopedia article. Submissions should summarise information in secondary, reliable sources and not contain opinions or original research. Please write about the topic from a neutral point of view in an encyclopedic manner. Declined by Utopes 12 days ago.
Submission declined on 7 September 2024 by Theroadislong (talk). This draft's references do not show that the subject qualifies for a Wikipedia article. In summary, the draft needs multiple published sources that are: Declined by Theroadislong 13 days ago.
- Comment: A patchwork of minimal paraphrasing from the sources. In addition to the copyvio/plagiarism problem, it also creates some rather awkward wording such as "This in turn makes it quite confusing for the defenders on the network to segregate between an authentic user’s activity and the same user engaging in a malicious activity", cf the source's phrasing "this makes it difficult for network defenders to discern legitimate behavior from malicious behavior [...]" (page 2 in the source) bonadea contributions talk 11:46, 14 September 2024 (UTC)
- Comment: This crosses between WP:NOTHOWTO and WP:NOTESSAY. In addition, most of the sources are not reliable (blogs, WP:FORBESCON, commercial sites, conference proceedings, etc.). If resubmitted without substantial improvement with both the content and sourcing, the draft may be rejected, meaning it will no longer be considered. S0091 (talk) 21:56, 9 September 2024 (UTC)
- Comment: Still contains WP:NPOV and tone issues, with some brand new questionable sentences. "By combining these approaches, organizations can strengthen their defense against LOTL attacks and reduce the likelihood of undetected system compromises.", which independent, reliable source asserts this? Utopes (talk / cont) 06:34, 9 September 2024 (UTC)
- Comment: This currently reads like a "PSA announcement" on avoiding "living off the land" attacks, when it should be written like an encyclopedia article and fully described like so. The sourcing is also insufficient, which independent reliable source states that: "These actions taken together enhance the overall capability of the organization to defend and to recover from LOTL threats."? Utopes (talk / cont) 21:25, 8 September 2024 (UTC)
Living-off-the-land (LOTL) refers to a fileless cyberattack technique in which threat actors use the tools and features already built into a system to compromise networks while remaining undetected.[1] Unlike traditional malware-based attacks, the attacker does not introduce external malware onto the systems.[2] Instead, the built-in utilities and administrative features are misused, which makes the activity difficult for traditional security controls to distinguish from legitimate administration.
Attack tools
Several legitimate system utilities are commonly employed in LOTL attacks. These tools, which are integral to operating system functionality or administrative processes, can be misused to execute malicious actions. Some of the most frequently exploited software include:[1]
Detection and prevention techniques
Advanced monitoring techniques, such as behavior analysis and machine learning, are used to identify unusual system activity that may indicate an ongoing LOTL attack.[3]
Several strategies for prevention include:
- Implement process detection rules: Apply detection rules that identify suspicious processes, such as PowerShell or Command Prompt being launched by Microsoft Office applications.[2]
- Leverage advanced tools: Use endpoint monitoring and behavioral analytics to respond to suspicious activity.[3]
- Use user and entity behavioral analytics (UEBA): Build or acquire automation (such as machine learning models) that continually reviews logs, compares current activity against established behavioral baselines, and alerts on specified anomalies.[2]
- Apply the principle of least privilege: Grant users only the minimum privileges necessary to perform their job duties.[3]
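The first and third strategies above (a parent/child process detection rule, and comparison of current activity against a per-user baseline) can be expressed as simple detection logic over process-creation telemetry. The following is an added example written for this article; it is not code from the draft or from the cited sources. The event lines are constructed, and their `key=value|key=value` layout and field names (`timestamp`, `user`, `parentimage`, `image`, `commandline`) are assumptions standing in for real endpoint telemetry such as Sysmon Event ID 1 or Windows event 4688.

```python
"""Two detection rules for living-off-the-land (LOTL) activity, applied to
process-creation events.

Added example, not code from the draft or the cited sources. The event
lines below are constructed; the 'key=value|key=value' layout and the field
names are assumptions standing in for real endpoint telemetry.
"""
from collections import defaultdict

# Office applications that should not normally launch a shell.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Built-in shells named in the draft's first rule (PowerShell, Command Prompt).
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe"}


def parse_event(line):
    """Parse one 'key=value|key=value' event line into a dict with lowercase keys."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip().lower()] = value.strip()
    return fields


def basename(path):
    """Executable file name from a Windows path, lowercased."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def office_spawns_shell(event):
    """Rule 1 (process detection rule): an Office app is the parent of a shell."""
    return (basename(event.get("parentimage", "")) in OFFICE_PARENTS
            and basename(event.get("image", "")) in SHELL_CHILDREN)


def build_baseline(events):
    """Per-user set of executables observed during a known-good baseline window."""
    baseline = defaultdict(set)
    for line in events:
        e = parse_event(line)
        baseline[e["user"].lower()].add(basename(e["image"]))
    return baseline


def deviates_from_baseline(event, baseline):
    """Rule 2 (behavioral baseline): this user has never run this executable before."""
    user = event.get("user", "").lower()
    return basename(event.get("image", "")) not in baseline.get(user, set())


def evaluate(event_lines, baseline):
    """Return (timestamp, rule name, summary) alerts for the monitored event lines."""
    alerts = []
    for line in event_lines:
        e = parse_event(line)
        summary = (f"{e.get('user')}: {basename(e.get('parentimage', ''))}"
                   f" -> {basename(e.get('image', ''))}")
        if office_spawns_shell(e):
            alerts.append((e.get("timestamp"), "office_spawns_shell", summary))
        if deviates_from_baseline(e, baseline):
            alerts.append((e.get("timestamp"), "baseline_deviation", summary))
    return alerts


# --- constructed sample telemetry (not real log data) -----------------------
BASELINE_LINES = [
    "timestamp=2024-09-01T09:00:00|user=CORP\\alice|parentimage=C:\\Windows\\explorer.exe|image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|commandline=WINWORD.EXE",
    "timestamp=2024-09-01T09:05:00|user=CORP\\alice|parentimage=C:\\Windows\\explorer.exe|image=C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE|commandline=EXCEL.EXE",
    "timestamp=2024-09-01T10:00:00|user=CORP\\bob|parentimage=C:\\Windows\\explorer.exe|image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|commandline=powershell.exe -File deploy.ps1",
]

MONITORED_LINES = [
    # Benign: alice opens Word as usual (within her baseline, normal parent).
    "timestamp=2024-09-10T08:30:00|user=CORP\\alice|parentimage=C:\\Windows\\explorer.exe|image=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|commandline=WINWORD.EXE report.docx",
    # Suspicious: Word launches PowerShell, which alice never ran in the baseline (both rules fire).
    "timestamp=2024-09-10T08:31:12|user=CORP\\alice|parentimage=C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|commandline=powershell.exe",
    # Benign for bob: PowerShell from Explorer is within his baseline.
    "timestamp=2024-09-10T09:00:00|user=CORP\\bob|parentimage=C:\\Windows\\explorer.exe|image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|commandline=powershell.exe -File deploy.ps1",
]


def run_demo():
    """Apply both rules to the constructed monitored events and return the alerts."""
    return evaluate(MONITORED_LINES, build_baseline(BASELINE_LINES))


if __name__ == "__main__":
    for ts, rule, summary in run_demo():
        print(f"{ts} [{rule}] {summary}")
```

Only the second monitored event produces alerts: the parent/child rule fires because Word started PowerShell, and the baseline rule fires because this user had never run PowerShell during the baseline window. The same PowerShell launch by the administrator who uses it routinely raises nothing, which is the point of baselining: the binary itself is legitimate, so the signal comes from who ran it and what launched it.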
References
- [1] F. Barr-Smith, X. Ugarte-Pedrero, M. Graziano, R. Spolaor and I. Martinovic, "Survivalism: Systematic Analysis of Windows Malware Living-Off-The-Land," 2021 IEEE Symposium on Security and Privacy (SP), San Francisco, CA, USA, 2021, pp. 1557-1574. doi:10.1109/SP40001.2021.00047.
- [2] Sudhakar; Kumar, Sushil (2020-01-14). "An emerging threat Fileless malware: a survey and research challenges". Cybersecurity. 3 (1): 1. doi:10.1186/s42400-019-0043-x. ISSN 2523-3246.
- [3] "Identifying and Mitigating Living Off the Land Techniques | CISA". www.cisa.gov. 2024-02-07. Retrieved 2024-09-09.