Muddo dheer, waxaan ku soo qaadanaynay habab kala duwan, kuwaas oo, niman xun ay galaan xogtaada, xadaan, ama la wareegaan shabakadaada. Ku noolaanshaha ka baxsan weerarrada dhulka^{(Living Off The Land attacks)} sidoo kale, waa hab u oggolaanaya tuugada inay gacanta ku dhigaan kombayutaradaada iyo aaladaha kale ee ku xiran. Waxa kaliya ee ka duwan waa iyadoo la isticmaalayo Living Off the Land weerarrada, ma aha inay soo dejiyaan faylasha kombiyuutarkaaga mar kasta. Isku-tanaasulku wuxuu dhacaa hal mar iyo wixii ka dambeeya, kombuyuutarku wuxuu u shaqeyn doonaa hackers adigoon ogeyn sababtoo ah software-ka antivirus ma ogaan karo weerarradaas.

Maxay ku nool yihiin weerarrada dhulka^(Land)

Ku noolaanshaha dhulka ka baxsan^{(Living Off The Land)} macneheedu waa ka shaqaynta isticmaalka agabkii hore ee kombayutarkaga. Habkaas, antimalware ma ogaan karto. Xaaladaha kale, haakarisku waxay u diraan/helaan xog joogto ah mashiinka ay isku dayayaan inay jabsadaan. Laakiin sababtoo ah xogtu waxay ka imanaysaa dibadda, waxaa jira habab lagu aqoonsan karo weerarrada oo joojin kara.

Marka laga hadlayo ku noolaanshaha weerarrada Dhulka^{(Living off the Land)} , tallaabo noocaas ah looma baahna. Marka la xalliyo, nimanka xun kaliya waxay isticmaalaan qalabka kombiyuutarkaaga si ay wax u qabtaan si aan qofna u dareemin. Waxay la macno tahay in tuugadu ay adiga kuu adeegsadaan qalabkaaga kombayutarka. Taas waxa loo yaqaan weerar ku noolaanshaha dhulka^{(Living Off The Land)} .

Siday u shaqeeyaan Weerarada Dhulka ee ku ^(Land)noolaanshaha^{(Living Off)}

Erayga Land waxa uu tilmaamayaa walxaha ku jira kombayutarka -labadaba software iyo hardware. Hackers-ku uma baahna inay rakibaan wax kasta oo dheeraad ah oo markaa magaca -  Living Off The Land weerar^{(Living Off The Land attacks)} . Kuwaani waxay hoos yimaadaan qaybta Weerarada aan Faylka lahayn^{(Fileless Attacks)(Fileless Attacks)} .

Waxa ugu horreeya ee habkan waa in aad la wareegto mashiinkaaga adiga oo socodsiinaya xoogaa qoraal ah. Dabinnada badanaa waxay wataan iimaylo aan^{(unsolicited emails)} la codsan . Iimaylladani waxay leeyihiin dukumeenti uu ku raran yahay hal ama in ka badan oo VB-script macros ah. Fayraska Macro ee ku jira dukumeentigu iskii ayuu u shaqeeyaa isla marka qof kastaa furo dukumeentiga, wax u dhimaya kombiyuutarka, kaas oo emailka la furay. Intaa ka dib^(Thereafter) , haakarisku waxay si fudud u isticmaali karaan kombiyuutarkaaga iyagoo isticmaalaya faylal qarsoodi ah oo ku yaal Qalabka Maareynta Windows ama meel qoto dheer oo ka mid ah Diiwaanka Windows^{(Windows Registry)} . Ma jiro wax cusub oo lagu rakibay kombayutarka sidaa darteed antivirus-ku ma heli karo wax ka baxsan nidaamka.

Inteena badan ma furno dukumeenti ilaa meel la aamini karo mooyaane. Markaa xoogaa injineernimada bulshada ah^{(social engineering)} ayaa ku lug leh. Dadka xunxun waxay u baahan yihiin oo kaliya inay ku qanciyaan in dukumeentigu badbaado yahay si aad u furto. Waxa laga yaabaa inay ku jiraan ama aanay ku jirin wax la qoray. Marka dukumeentiga la furo, macro-ga faylalka ku jira waxa uu wadaa qoraal si uu kombayutarka gacanta ugu dhigo hackerka. Dhammaan shaqada Dhulka-Land-ka-Lool^{(Living-off-the-Land)} ayaa markaa lagu sameeyaa meel fog, iyadoo la adeegsanayo qalabka ku jira kumbuyuutarkaaga. Inta badan waa faylalka nidaamka iyo adeegyada si ay u maraan hubinta antimalware si fudud, iyada oo aan wax calan ah lahayn.

Sida looga fogaado ku noolaanshaha^{(Living Off)} weerarrada dhulka^(Land)

Waxa ugu fiican ee la sameeyo si looga fogaado in sidan oo kale ku noolaadaan^(Living) weerarrada Dhulka waa INAANAN^{(NOT TO OPEN)} laga furin wax dukumeenti ah dad aadan aqoon. Haddii ay tahay inaad furto, hubi in dukumeentiyadu aysan kordhinin .dotm^(.dotm) . Fayl kasta oo leh kordhinta docmka^(docm) waa dukumeenti karti u leh makro.

Mararka qaarkood tuugadu waxay dhigaan icon miiskaaga halkii ay ka maamuli lahaayeen macros si ay ula wareegaan mashiinkaaga. Haddii aad ku aragto calaamad cusub miiska kombayutarka, si fudud ha u gujin si aad u socodsiiso. Taa beddelkeeda, midig-guji oo dooro inaad aragto faylka ku jira galka meesha uu hoggaamiyo. Haddii bartilmaameedku yahay faylal aan ahayn ku xusan icon ( .Faylasha LNK^(.LNK) ), si fudud u tirtir astaanta iyo faylka bartilmaameedka. Haddii aad shaki ka qabtid xaqiiqada, waxaad ka hubin kartaa internetka^(Internet) adiga oo ka baaraya faylka bartilmaameedka ee .LNK .

Soo koobid^(Summary)

Ku noolaanshaha weerarrada Dhulka si sahal ah looma helo sababtoo ah tuugadu waxay ku qariyaan faylalkooda meel qoto dheer oo ku taal Diiwaanka ama meelaha software-ka antimalware aanu gaadhin. Waxaad ka fogaan kartaa weerarada noocaas ah adigoon furin nooc kasta oo lifaaq ah iimaylada. Ha gujin faylalka summada cusub (.Faylasha LNK) adoon si badbaado leh u hubin faylka la beegsanayo. Ku noolaanshaha weerarrada^(Attacks) dhulka way adag tahay in la ogaado sababta oo ah aaladaha caadiga ah ee malware uma aqoonsan karaan weerar ahaan.

Midka kore wuxuu sharxayaa Living Off The Land Attacks oo wuxuu kuu sheegayaa sida aad u ilaalin lahayd. Haddii aad hayso wax aad ku darto, waan ku farxi doonaa inaan kaa maqalno.

Akhri marka xigta^{(Read next)} :  Qeexida Weerarkii Buufinta Furaha Password^{(Password Spray Attack Definition)} .

What are Living Off The Land attacks? How to stay safe?

For a long time, we’ve been covering different methods by which, the bad guys accesѕ your data, steal it, оr take control oνer уour network. Living Off The Land attacks too, are a method that allows hackers to take control of your computers and other connected devices. The only thing different is that using Living off the Land attacks, they don’t have to download files to your computer all the time. The compromise happens once and from thereon, your computer will work for hackers without you knowing because antivirus software cannot detect such attacks.

What are Living Off The Land attacks

Living Off The Land means working using the tools already on your computer. That way, antimalware cannot detect it. In other cases, hackers send/receive continuous data to the machine they are trying to hack. But because the data is coming from outside, there are methods that can identify the attacks and stop them.

In the case of Living off the Land attacks, no such action is required. Once compromised, the bad guys just use the tools on your own computer to get things done in a way that nobody notices it. It means that the hackers use your own computer tools against you. That’s called a Living Off The Land attack.

How do Living Off The Land attacks work

The term Land refers to elements in your computer – both software and hardware. The hackers need not install anything in addition and hence the name – Living Off The Land attacks. These fall under the category Fileless Attacks.

The first thing in this method is to take over your machine by running some script. The baits usually come with unsolicited emails. These emails have a document laden with one or more VB-script macros. The Macro virus in the document runs on its own as soon as anyone opens the document, compromising the computer on which, the email was opened. Thereafter, hackers can easily use your computer via stealth files located in Windows Management Instrument or deep somewhere in the Windows Registry. Nothing new is installed on the computer so the antivirus cannot find anything out of order.

Most of us do not open documents unless from a trusted source. So a bit of social engineering is involved. The bad guys just need to convince you that the document is safe so that you open them. They may or may not contain anything typed. Once the document is opened, the macro in the file runs a script to give the computer’s control to the hacker. All Living-off-the-Land work is then done remotely, using the tools present on your computer. These are mostly system files and utilities so they pass through antimalware checks through ease, without any flags.

How to avoid Living Off The Land attacks

The best thing to do to avoid such Living off the Land attacks is NOT TO OPEN any documents from people whom you don’t know. If you have to open, make sure the documents’ extensions are not .dotm. Any file with docm extension is a macro-enabled document.

Sometimes hackers place an icon on your desktop instead of running macros to take over your machine. If you see any new icon on your computer desktop, don’t simply click it to run it. Instead, right-click on it and opt to see the file in the folder where it leads. If the target is some file other than mentioned in icon (.LNK files), simply delete the icon and the target file. If in doubt about the authenticity, you may check on the Internet by searching the target file in .LNK.

Summary

Living off the Land attacks are not easily found because hackers hide their files somewhere deep in the Registry or at places where the antimalware software doesn’t reach. You can avoid such attacks by not opening any type of attachments in emails. Do not click any new icon files (.LNK files) without safely checking its target file. Living off the Land Attacks are hard to detect because normal tools for malware cannot figure out it out as an attack.

The above explains Living Off The Land Attacks and tells you how to stay safe. If you have anything to add, we’ll be happy to hear from you.

Read next: Password Spray Attack Definition.

Related posts

• Sidee Looga Fogaadaa Khayaanada Khiyaamada iyo Weerarada?

• Waa maxay Gelitaanka Fog ee Trojan? Kahortagga, Ogaanshaha & Ka saarida

• Ka saar fayraska USB Flash Drive adoo isticmaalaya Command Prompt ama Faylka Dufcada

• Rogue Security Software ama Scareware: Sida loo hubiyo, looga hortago, looga saaro?

• Waa maxay Win32:BogEnt iyo sida loo saaro?

• Sida looga saaro fayraska Windows 11/10; Hagaha ka saarida Malware

• Sida loo hubiyo Registry for malware gudaha Windows 11/10

• Waa maxay IDP.generic fayraska iyo sida loo saaro?

• Sida loo isticmaalo browserka Chrome ka ee la dhisay Malware Scanner & Qalabka Nadiifinta

• Waa maxay Rootkit? Sidee buu u shaqeeyaa Rootkits? Rootkits ayaa sharaxay.

• Weerarada khaldan: Qeexid, tusaaleyaal, ilaalin, ammaan

• Sidee ku heli kartaa fayraska kombiyuutarka, trojan, shaqada, spyware ama malware?

• Bundleware: Qeexid, Kahortag, Hagaha saarista

• Aaladaha Maamulka Fog: Khataraha, Hanjabaadaha, Kahortagga

• Waa maxay weerarka Backdoor? Macnaha, Tusaalooyinka, Qeexitaannada

• Waa maxay CandyOpen? Sidee looga saaraa CandyOpen Windows 10?

• Weerarada Cyber ​​- Qeexid, Noocyada, Ka Hortagga

• Crystal Security waa aaladda ogaanshaha Malware ee ku saleysan Cloud ee bilaashka ah ee PC

• Sida loo isticmaalo Avast Boot Scan si looga saaro Malware-ka Windows PC

• Sida looga hortago Malware - Talooyin si loo sugo Windows 11/10