Nation-state backed APT groups, cyber mercenaries and
individual cybercriminals continue to use Cobalt Strike to develop
new threats
WATERLOO, ON, Oct. 13, 2021 /PRNewswire/ -- BlackBerry
Limited (NYSE: BB; TSX: BB), today, during the BlackBerry
Security Summit, announced a new book: Finding Beacons In the
Dark: A Guide to Cyber Threat Intelligence,
detailing the evolution and prevalence of one of the most pervasive
tools used by threat actors today – Cobalt Strike Beacon. The book
details ways to protect against malicious Cobalt Strike payloads
and outlines how a robust Cyber Threat Intelligence (CTI) lifecycle
and extended detection and response (XDR) solution can provide the
context needed to stop these threats.
Initially developed as an adversary simulation tool, Cobalt
Strike has evolved into one of the most persistent attack methods
used by state-sponsored Advanced Persistent Threat (APT) groups and
criminal mercenaries alike. The book highlights the current threats
facing organizations, provides a defense framework and uncovers
links between cyberattacks previously thought to be disparate.
Cobalt Strike is widely used by red teams and has become heavily
abused by cybercriminals due to its malleability and accessibility.
The software is feature-rich, facilitating many attack methods, and
has remained a favorite of numerous state-sponsored
parties. The software has also played a significant role in the
proliferation of ransomware seen over the past 18 months.
For businesses and cybercriminals alike, purchasing existing
malware and related tools via underground forums can be
significantly cheaper than developing in-house technology, making
Cobalt Strike an ideal choice, as it presents attribution
challenges to law enforcement. This challenge can be further
complicated when cyber mercenary groups are working at the behest
of larger – potentially nation-state – actors.
"Cobalt Strike presents an almost perfect software for
cybercriminals, while highlighting a central conundrum of the
security sector – that well-built tools can both aid and increase
cybercrime," said Eric Milam, VP
Research and Intelligence, BlackBerry. "Cobalt Strike is
feature-rich, well supported and actively maintained by its
developers. Its payload provides a wealth of features for
attackers. This makes it an attractive option for APT groups and
cybercrime novices alike."
While the increasing proliferation of Cobalt Strike within the
criminal underground presents a reason for concern, so
does its continued use by sophisticated APT groups.
As recently as October
2021, APT41 was witnessed using the software in
phishing emails targeting Indian citizens, while Dridex operators
have used Cobalt Strike heavily to underpin their recent
phishing and malspam campaigns.
"The aim of this book is to aid the security community by
sharing our knowledge, presenting the steps we've taken to create
an automated system to hunt for Cobalt Strike, and most
importantly, demonstrating how to derive meaningful
threat intelligence from the resulting dataset. This
information can then be used to provide insights,
trends and intelligence on threat groups and campaigns," said
Billy Ho, Executive Vice President
of Product Engineering, BlackBerry.
BlackBerry's Finding Beacons In the Dark: A Guide to Cyber Threat
Intelligence will be available in November 2021, and can be preordered at the
following website link.
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB)
provides intelligent security software and services to enterprises
and governments around the world. The company secures more
than 500M endpoints including
195M vehicles. Based in Waterloo, Ontario, the company leverages AI
and machine learning to deliver innovative solutions in the areas
of cybersecurity, safety, and data privacy, and is a
leader in the areas of endpoint security, endpoint management,
encryption, and embedded systems. BlackBerry's vision is
clear - to secure a connected future you can trust.
BlackBerry. Intelligent Security. Everywhere.
For more information, visit BlackBerry.com and follow
@BlackBerry.
Trademarks, including but not limited to BLACKBERRY and
EMBLEM Design are the trademarks or registered trademarks of
BlackBerry Limited, and the exclusive rights to such trademarks are
expressly reserved. All other trademarks are the property of their
respective owners. BlackBerry is not responsible for any
third-party products or services.
Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com
SOURCE BlackBerry Limited