Living-off-the-land Attacks: Why Finance Firms Need Smarter Endpoint Protection
Published 6 October 2025
Cybercriminals are moving away from obvious malware. Instead, they’re using what’s already on your systems, such as PowerShell and other legitimate admin utilities, to carry out “living-off-the-land” (LotL) attacks. Because these attacks involve no known-bad file, traditional antivirus rarely detects this type of behaviour.
The latest Huntress 2025 Threat Report highlights how attackers are weaponising trusted utilities to bypass defences and remain undetected.
Why This Matters for Finance Firms
- Finance systems are rich targets: client data, trading signals, and regulatory information are all highly valuable.
- LotL attacks don’t leave obvious traces like downloaded malware files.
- Regulators expect firms to have monitoring in place to prevent and detect these attacks.
What You Can Do
- Adopt endpoint detection and response (EDR): Instead of looking for “bad files,” EDR tools monitor for suspicious behaviour, like unusual PowerShell activity.
- Restrict admin rights: Reduce the number of staff with elevated privileges to limit what attackers can exploit.
- Regular threat hunting: Review logs and alerts for activity that looks abnormal, even if no malware is detected.
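To make the log review above concrete, here is an added example (not code from Maple or Huntress, and not how any particular EDR product works) that scores process-creation records for PowerShell launched in unusual ways. The host names, event records, weights and threshold are constructed assumptions; the PowerShell parameters it looks for are real ones.

```python
import re

# Constructed process-creation records (fields as in Sysmon event 1 / Security 4688).
SAMPLE_EVENTS = [
    {"host": "FIN-WS-01", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": r"powershell.exe -File C:\Scripts\backup-report.ps1"},
    {"host": "FIN-WS-02", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmd": "powershell.exe -NoProfile -WindowStyle Hidden -EncodedCommand <BASE64_PLACEHOLDER>"},
    {"host": "FIN-SRV-03", "parent": "cmd.exe", "image": "powershell.exe",
     "cmd": r"powershell.exe -ExecutionPolicy Bypass -File C:\IT\patch.ps1"},
    {"host": "FIN-WS-04", "parent": "OUTLOOK.EXE", "image": "powershell.exe",
     "cmd": "powershell.exe -w hidden -nop -c <COMMAND_PLACEHOLDER>"},
]

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# (reason, weight, pattern); weights and threshold are illustrative and need tuning.
CMD_SIGNALS = [
    ("encoded command", 2, re.compile(r"\s-(e|ec|en[a-z]*)\s", re.I)),
    ("hidden window", 2, re.compile(r"\s-w[a-z]*\s+hidden", re.I)),
    ("execution policy bypass", 1, re.compile(r"\s-(ep|exec[a-z]*)\s+bypass", re.I)),
]
THRESHOLD = 3

def score_event(event):
    """Return (score, reasons) for one process-creation record."""
    if event["image"].lower() not in ("powershell.exe", "pwsh.exe"):
        return 0, []
    score, reasons = 0, []
    if event["parent"].lower() in OFFICE_PARENTS:
        score, reasons = 3, ["spawned by Office application"]
    for reason, weight, pattern in CMD_SIGNALS:
        if pattern.search(event["cmd"]):
            score += weight
            reasons.append(reason)
    return score, reasons

def hunt(events, threshold=THRESHOLD):
    """Return (host, score, reasons) for events at or above threshold, highest first."""
    hits = []
    for event in events:
        score, reasons = score_event(event)
        if score >= threshold:
            hits.append((event["host"], score, reasons))
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for host, score, reasons in hunt(SAMPLE_EVENTS):
        print(f"{host}: score {score} ({', '.join(reasons)})")
```

The routine patch script on FIN-SRV-03 scores below the threshold on its own, which is the point of weighting: a single common flag should not page anyone, while a document or mail client spawning a hidden PowerShell window should.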
How Maple Helps
At Maple, we partner with providers like Huntress to give our finance clients advanced EDR capabilities. Our team monitors for suspicious activity and investigates threats before they escalate. It’s proactive, not reactive.
LotL attacks are hard to spot with legacy tools. By combining modern detection with Maple’s managed IT services, finance firms in London can stay ahead of attackers.