BlackBerry Shines Spotlight on Evolving Cobalt Strike Threat in New Book

- October 13th, 2021

Nation-state backed APT groups, cyber mercenaries and individual cybercriminals continue to use Cobalt Strike to develop new threats BlackBerry Limited today, during the BlackBerry Security Summit, announced a new book: Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence, detailing the evolution and prevalence of one of the most pervasive tools used by threat actors today Cobalt Strike Beacon. The book …

Nation-state backed APT groups, cyber mercenaries and individual cybercriminals continue to use Cobalt Strike to develop new threats

BlackBerry Limited (NYSE: BB; TSX: BB), today, during the BlackBerry Security Summit, announced a new book: Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence, detailing the evolution and prevalence of one of the most pervasive tools used by threat actors today Cobalt Strike Beacon. The book details ways to protect against malicious Cobalt Strike payloads and outlines how a robust Cyber Threat Intelligence (CTI) lifecycle and extended detection and response (XDR) solution can provide the context needed to stop these threats.

Initially developed as an adversary simulation tool, Cobalt Strike has evolved into one of the most persistent attack methods used by state-sponsored Advanced Persistent Threat (APT) groups and criminal mercenaries alike. The book highlights the current threats facing organizations, provides a defense framework and uncovers links between cyberattacks previously thought to be disparate.

Cobalt Strike is widely used by red teams and has become heavily abused by cybercriminals due to its malleability and accessibility. The software is feature-rich, allowing for the facilitation of many attack methods and remained a favorite of numerous state-sponsored parties. The software has also played a significant role in the proliferation of ransomware seen over the past 18 months.

For businesses and cybercriminals alike, purchasing existing malware and related tools via underground forums can be significantly cheaper than developing in-house technology, making the use of Cobalt Strike ideal as it presents attribution challenges to law enforcement. This challenge can be further complicated when cyber mercenary groups are working at the behest of larger – potentially nation-state – actors.

“Cobalt Strike presents an almost perfect software for cybercriminals, while highlighting a central conundrum of the security sector – that well-built tools can both aid and increase cybercrime,” said Eric Milam , VP Research and Intelligence, BlackBerry. “Cobalt Strike is feature-rich, well supported and actively maintained by its developers. Its payload provides a wealth of features for attackers. This makes it an attractive option for APT groups and cybercrime novices alike.”

While the increasing proliferation of Cobalt Strike within the criminal underground presents a reason for concern, so does its continued use by sophisticated APT groups. As recently as October 2021 , APT41 was witnessed using the software in phishing emails targeting Indian citizens, while Dridex operators have used Cobalt Strike heavily to underpin their recent phishing and malspam campaigns .

“The aim of this book is to aid the security community by sharing our knowledge, presenting the steps we’ve taken to create an automated system to hunt for Cobalt Strike, and most importantly, demonstrating how to derive meaningful threat intelligence from the resulting dataset. This information can then be used to provide insights, trends and intelligence on threat groups and campaigns,” said Billy Ho , Executive Vice President of Product Engineering, BlackBerry.

BlackBerry’s Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence will be available in November 2021 , and can be preordered at the following website link .

About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 195M vehicles. Based in Waterloo, Ontario , the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems.  BlackBerry’s vision is clear – to secure a connected future you can trust.

BlackBerry. Intelligent Security. Everywhere.

For more information, visit BlackBerry.com and follow @BlackBerry.

Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.

Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com

Cision View original content to download multimedia: https://www.prnewswire.com/news-releases/blackberry-shines-spotlight-on-evolving-cobalt-strike-threat-in-new-book-301399428.html

SOURCE BlackBerry Limited

News Provided by Canada Newswire via QuoteMedia

Tags

Tags: ,

Leave a Reply