Dive Brief:
- The FBI, Cybersecurity and Infrastructure Security Agency — along with international partners led by Australia — advised network defenders to adopt event logging policies. Event logs are critical to help organizations defend against the rising use of living-off-the-land techniques designed to conceal threat activity using ordinary security tools, the agencies said Wednesday.
- The group of more than a dozen agencies released a guide on event logging and threat-detection practices that can pinpoint a growing number of sophisticated attacks, including those launched through privately owned routers or other tools that threat groups use because normal endpoint protection cannot detect them.
- Living-off-the-land techniques have been employed by sophisticated state-linked hackers like Volt Typhoon and ransomware groups like Medusa to mask their presence inside network computing environments and move undetected for long periods of time.
Dive Insight:
The guide’s release comes more than a year after the U.S. State Department and other federal agencies were hacked by a China-linked threat group that targeted Microsoft Exchange Online customers.
Federal officials with access to their own logs notified Microsoft of the attacks. Microsoft was widely criticized at the time because it charged customers additional fees to access their own logs.
Microsoft later changed its policy to provide more customers with free access to event logs.
Volt Typhoon, a separate China-linked threat group, has been abusing privately owned routers and exploiting other tools to embed itself inside the networks of various critical infrastructure providers.
A comprehensive event logging strategy can help security teams track threat activity used by sophisticated criminal groups, including Medusa. The threat group has attacked hundreds of industrial targets in recent years.
“The importance of robust event logging and monitoring practices when dealing with LoTL abuse is paramount given the nature of the attack vector,” said Alex Capraro, cyber intelligence analyst at Reliaquest. “The new guide released by CISA, FBI, and the Australian Signals Directorate is a timely and essential resource for organizations aiming to strengthen their defenses against such advanced tactics.”