

About 67 percent of those backdoor cases were ransomware attempts, though defenders were able to detect the backdoor before the ransomware was deployed. IBM’s 2023 Security X-Force Threat Intelligence Index notes that the deployment of backdoors (like Cobalt Strike) emerged as attackers’ top action last year. Cobalt Strike also continues to feature in prominent attacks, including the infamous SolarWinds supply chain attack. The surge of Cobalt Strike abuse has led Google Cloud’s intelligence research team to release 165 YARA rules to improve detection of the framework.

Cobalt Strike is an adversary simulation tool developed for pen-testing to emulate the tactics and techniques malicious actors use when attempting to access and control a target’s network. Unfortunately, threat actors ranging from ransomware operators to state-sponsored advanced persistent threat (APT) groups also use Cobalt Strike for their own malicious ends. Cobalt Strike’s Beacon is a post-exploitation backdoor and part of a rich Cobalt Strike framework used to achieve persistence, privilege escalation, and lateral movement within a network. The MITRE ATT&CK knowledge base documents over 50 techniques the Cobalt Strike framework uses and over 20 APT groups actively exploiting the framework. Stopping these attacks requires a layered security posture that closes the in-memory security gap left by detection-based security solutions. That’s moving target defense, explains Michael Gorelik, CTO of Morphisec.
