Living off the land: Cyber attackers ‘log in’ to harvest data

23rd July 2025Andrew Staniforth, Policing Insight

Cybercriminals are increasingly using stolen credentials and exploiting legitimate tools and native access to “log in, instead of breaking in”, blend into their target’s environment and carry out ‘living off the land’ (LOTL) attacks; Policing Insight’s Andrew Staniforth looks at the nature of LOTL attacks, and why all organisations – including police and law enforcement agencies – should remove all unnecessary files, applications and systems to reduce their attack surface to such threats.

To read this article you need to have an individual paid subscription or subscriber access via your organisation’s corporate subscription.

Please sign in to your account or subscribe to a plan below to read this article.

If your organisation has a corporate subscription please register a FREE account with your organisation email address for full subscriber access.

Email Address or Username:

Password:

Forgot password?

Having problems creating an account or can't sign in? Please e-mail [email protected]

Username: *

Email Address: *

Verify Email Address: *

Captcha: *

A registration to Policing Insight also registers you for access to sister site PolicingTV.

Receive the Policing Insight Weekly Digest Receive the Policing Insight Daily Brief (powered by Media Monitor) I would like to receive information and offers from carefully selected partners of Policing Insight and PolicingTV

Having problems creating an account or can't sign in? Please e-mail [email protected]

Living off the land: Cyber attackers ‘log in’ to harvest data

Request a password reset using the form below