Microsoft Threat Intelligence Podcast

Disrupting Cracked Cobalt Strike

Aug 14, 2024

In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator at DCU, and Bob Erdman, Associate VP at Fortra, tackle the illegal use of cracked Cobalt Strike in cybercrime. They shed light on innovative DMCA strategies to combat piracy globally and discuss the significant impact of these initiatives on detection engineering. The trio also expresses optimism about extending these methods to other cyber threats, emphasizing the importance of collaboration between the public and private sectors in enhancing cybersecurity.

38:40

Creator website

Episode guests

Bob Erdman

Jason Lyons

Richard Boscovich

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The collaborative effort between Microsoft and Fortra effectively disrupted the distribution of cracked Cobalt Strike, significantly reducing its prevalence and impact on ransomware attacks.

Utilizing a creative application of the DMCA, the teams established legal precedents to expedite takedowns of sites promoting cracked Cobalt Strike, enhancing their overall cybercrime combating strategy.

Deep dives

Cracked Cobalt Strike Takedown Initiative

A major initiative was launched to dismantle the use of cracked Cobalt Strike in ransomware attacks, initiated in collaboration with Fortra. This effort stemmed from a realization that many ransomware groups were leveraging cracked versions of Cobalt Strike to facilitate their attacks, which employ sophisticated lateral movement techniques to extract data from targets. By understanding the broader ransomware ecosystem, the teams coordinated their resources and strategies to effectively target various malware groups simultaneously. The operation aimed to disrupt the distribution of this tool and gather intelligence on threat actors utilizing it.

Intro

2min

Combatting Cracked Cobalt Strike

17min

Impact of Cracked Cobalt Strike Takedowns

10min

Innovative Legal Approaches to Cybercrime and Microsoft Security Concerns

2min

Ensuring Azure's Security Through Proactive Measures

2min

Navigating Civil and Criminal Legal Frameworks in Cybercrime Response

3min

Coordinated Efforts in Internet Security and DNS Sinkholing

3min

On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.

In this episode you’ll learn:

The impact on detection engineers due to the crackdown on cracked Cobalt Strike
Extensive automation used to detect and dismantle large-scale threats
How the team used the DMCA creatively to combat cybercrime

Some questions we ask:

Do you encounter any pushback when issuing DMCA notifications?
How do you plan to proceed following the success of this operation?
Can you explain the legal mechanisms behind this take-down?

Resources:

View Jason Lyons on LinkedIn

View Bob Erdman on LinkedIn

View Richard Boscovich on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Microsoft Threat Intelligence Podcast

Disrupting Cracked Cobalt Strike

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Cracked Cobalt Strike Takedown Initiative

Legal Mechanisms and the DMCA

Data Gathering and Multi-Source Approach

Significant Reductions in Threats

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Remember Everything You Learn from Podcasts