Identifying Misuse of Cobalt Strike Systems

Google Cloud recently identified 34 cracked versions of Cobalt Strike and released YARA Rules to detect them. The goal is to make it harder for malicious actors to abuse the tool. IronNet believes that a proactive approach to Cobalt Strike server detection is key in this effort. As Cobalt Strike has become increasingly popular among cyber adversaries, other C2 frameworks such as Covenant, Sliver, Empire, and Metasploit have also been exploited. However, threat actors are now pivoting to alternative frameworks such as Sliver, which are easier to acquire and less likely to be detected. As Google Cloud's YARA signatures only cover specific versions of cracked Cobalt Strike, detection gaps remain. To address this, IronNet has developed a proactive threat intelligence feed called IronRadar. This feed can be integrated into existing security tools, allowing organizations to proactively block threats and improve detection. IronRadar supports detection capabilities for more than 30 additional tools, including scanning engines, phishing frameworks, and loader malware. It is designed to detect and block new adversary infrastructure during the incipient stage, before follow-on activity such as ransomware deployment or data theft can occur. IronRadar is a valuable resource for proactively detecting and blocking threats targeting networks.

This Cyber News was published on www.ironnet.com. Publication date: Mon, 06 Feb 2023 21:17:03 +0000


Cyber News related to Identifying Misuse of Cobalt Strike Systems

International Operation Takes Down 593 Malicious Cobalt Strike Servers - Law enforcement agencies from around the world have successfully shut down 593 rogue servers running unauthorized versions of Cobalt Strike, a tool often misused by cybercriminals. Cobalt Strike, developed in 2012 by Raphael Mudge and now owned by ...
3 months ago Cybersecuritynews.com
Europol Announces Crackdown on Cobalt Strike Servers Used by Cybercriminals - European law enforcement agency Europol on Wednesday announced a global crackdown against the use of legitimate security tools by cybercriminals, including the takedown of nearly 600 Cobalt Strike servers linked to criminal activity. The agency said ...
3 months ago Securityweek.com
Identifying Misuse of Cobalt Strike Systems - Google Cloud recently identified 34 cracked versions of Cobalt Strike and released YARA Rules to detect them. The goal is to make it harder for malicious actors to abuse the tool. IronNet believes that a proactive approach to Cobalt Strike server ...
1 year ago Ironnet.com
Malware Takedowns Show Progress, But Fight Against Cybercrime Not Over - Takedown of malware infrastructure by law enforcement has proven to have an impact, albeit limited, on cybercriminal activity, according to threat intelligence provider Recorded Future. The Emotet takedown, led by Europol and Eurojust in 2021. The ...
9 months ago Infosecurity-magazine.com
SQL Brute Force leads to Bluesky Ransomware - In December 2022, we observed an intrusion on a public-facing MSSQL Server, which resulted in BlueSky ransomware. First discovered in June 2022, BlueSky ransomware has code links to Conti and Babuk ransomware. While other reports point to malware ...
10 months ago Thedfirreport.com
The Embedded Systems and The Internet of Things - The Internet of Things is a quite new concept dealing with the devices being connected to each other and communicating through the web environment. This concept is gaining its popularity amongst the embedded systems that exist - let's say - 10 or ...
10 months ago Cyberdefensemagazine.com
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
9 months ago Securityintelligence.com
CVE-2022-39197 - An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on the Cobalt Strike teamserver. To exploit the vulnerability, one must first inspect a Cobalt Strike ...
2 years ago
New Hacker Group Uses SQL Injection to Hack Companies - A new threat actor has been discovered to be using SQL injection attacks to gain unauthorized access to organizations in the APAC region. Among the 20, the threat actor successfully infiltrated six organizations with the legacy SQL injection attack. ...
9 months ago Cybersecuritynews.com
Water Curupira Hackers Launch Pikabot Malware Attack Windows - Pikabot is a loader malware that is active in spam campaigns and has been used by the threat group Water Curupira, which has been paused from June to September 2023 after Qakbot's takedown. The surge in Pikabot phishing campaigns was noted recently ...
9 months ago Gbhackers.com
GenAI Regulation: Why It Isn't One Size Fits All - With President Biden calling on Congress to pass bipartisan data privacy legislation to accelerate the development and use of privacy-centric techniques for the data that is training AI, it's important to remember that excessive regulation can stifle ...
7 months ago Cybersecurity-insiders.com
Creating a New Market for Post-Quantum Cryptography - A day in the busy life of any systems integrator includes many actions that revolve around the lifeblood of its business - its customers. Systems integrators help solve evolving customer business challenges, which in turn adds partner value. It's a ...
9 months ago Securityboulevard.com
Cobalt Group - Cobalt Group is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT ...
10 months ago Attack.mitre.org
Counter-Strike 2 HTML injection bug exposes players' IP addresses - Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses. While initially thought to be a more severe Cross Site Scripting flaw, which ...
10 months ago Bleepingcomputer.com
How workforce reductions affect cybersecurity postures - In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints. Pentesting plays a key role in addressing this challenge, ...
5 months ago Helpnetsecurity.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
10 months ago Esecurityplanet.com
Pikabot Malware Surfaces As Qakbot Replacement for Black Basta Attacks - A threat actor associated with Black Basta ransomware attacks has been wielding a new loader similar to the notoriously hard-to-kill Qakbot, in a widespread phishing campaign aimed at gaining entry to organization networks for further malicious ...
9 months ago Darkreading.com
New 'GambleForce' Threat Actor Behind String of SQL Injection Attacks - Researchers have spotted a new threat actor targeting organizations in the Asia-Pacific region with SQL injection attacks using nothing more than publicly available, open source penetration-testing tools. The GambleForce Campaign In a report this ...
9 months ago Darkreading.com
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Financially motivated threat actors believed to be operating out of Turkey have been caught targeting Microsoft SQL Server databases in attacks leading to the deployment of ransomware, cybersecurity firm Securonix warns in a new report. The attack ...
9 months ago Packetstormsecurity.com
Turkish Hackers Target Microsoft SQL Servers in Americas, Europe - Financially motivated threat actors believed to be operating out of Turkey have been caught targeting Microsoft SQL Server databases in attacks leading to the deployment of ransomware, cybersecurity firm Securonix warns in a new report. The attack ...
9 months ago Securityweek.com
Hackers Exploiting Poorly Unsecured MS SQL Servers - An ongoing threat campaign dubbed RE#TURGENCE has been observed, which involves targeting MS SQL servers in an attempt to deliver a MIMIC ransomware payload. Turkish threat actors with financial motivations seem to be aiming after the US, EU, and ...
9 months ago Cybersecuritynews.com
Cobalt's New Report Uncovers a Big Shift in Cybersecurity Strategy - PRESS RELEASE. SAN FRANCISCO, Feb. 14, 2024 /PRNewswire-PRWeb/ - Cobalt, the pioneers of Pentest as a Service, empowering businesses to operate fearlessly and innovate securely, has today announced the release of the inaugural OffSec Shift Report. ...
7 months ago Darkreading.com
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
1 week ago Cyberdefensemagazine.com
New Malware Uses Fileless Technique to Deploy Ransomware - The group behind the Windows Gootloader malware, known as UNC2565, has effectively modified the code to make it more intrusive and difficult to detect. Researchers at Mandiant noted UNC2565 started making significant adjustments to its operational ...
1 year ago Cybersecuritynews.com
Hackers Gaining Unauthorized Access to Windows Devices Through Silver and BYOVD Exploits - Last summer, cybercriminals began using Sliver as an alternative to Cobalt Strike, using it for monitoring networks, executing commands, loading reflective DLLs, spawning sessions, and manipulating processes. Recently, attacks have been observed ...
1 year ago Heimdalsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)