CyberWire Daily

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

Jan 1, 2025
In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator, and Bob Erdman, Associate VP at Fortra, dive into the serious issue of cracked Cobalt Strike software, often exploited in ransomware attacks. They reveal innovative uses of DMCA notifications to disrupt cybercrime globally and share insights on the significant decline in active threats due to their collaborative efforts. The conversation also touches on automation's role in detecting threats and enhancing cybersecurity measures.
INSIGHT

Cobalt Strike: Legitimate Tool, Illegitimate Use

  • Cobalt Strike is a legitimate red teaming tool used by defenders for testing network defenses.
  • Threat actors illegally obtained copies of Cobalt Strike, exploiting it for lateral movement and data exfiltration.
INSIGHT

Creative Use of DMCA

  • Microsoft creatively leveraged DMCA to combat the illegal use of cracked Cobalt Strike software.
  • The DMCA traditionally protects copyrighted material but was applied to APIs within the software.
ANECDOTE

DMCA and Court Orders

  • Some hosting providers were unresponsive to traditional DMCA notifications.
  • Microsoft used court orders based on the DMCA and copyright infringement of APIs in ransomware, accelerating takedowns.