CyberWire Daily

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

Jan 1, 2025

In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator, and Bob Erdman, Associate VP at Fortra, dive into the serious issue of cracked Cobalt Strike software, often exploited in ransomware attacks. They reveal innovative uses of DMCA notifications to disrupt cybercrime globally and share insights on the significant decline in active threats due to their collaborative efforts. The conversation also touches on automation's role in detecting threats and enhancing cybersecurity measures.

38:40

Creator website

Episode guests

Bob Erdman

Jason Lyons

Richard Boscovich

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The collaborative effort between Microsoft and Fortra aims to leverage innovative DMCA strategies to significantly disrupt the illegal use of cracked Cobalt Strike software in ransomware attacks.

Through extensive automation and data aggregation, the initiative has led to a notable reduction in the visibility and accessibility of cracked Cobalt Strike servers globally.

Deep dives

The Rise of Ransomware and the Focus on Cobalt Strike

The conversation highlights the increasing prevalence of ransomware attacks and the use of cracked Cobalt Strike within these cybercriminal activities. Microsoft initiated an effort in 2021 to better understand and mitigate the ransomware ecosystem's impact on global customers. This included a deep dive into the commonalities among various malware groups and their reliance on cracked versions of Cobalt Strike for lateral movement and data exfiltration. By centralizing their investigative approach, Microsoft aimed to disrupt the distribution and effectiveness of ransomware attacks.

Intro

2min

Takedown of Cracked Cobalt Strike

17min

Cobalt Strike: Tackling Cybercrime Challenges

10min

Innovative Legal Approaches to Cybercrime and Security Concerns

2min

Ensuring Internal Security Before External Action

2min

Navigating the Intersection of Civil and Criminal Law in Cybersecurity

3min

Disrupting Malicious Domains: The Role of DNS Sinkholes

3min

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025!

On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.

In this episode you’ll learn:

The impact on detection engineers due to the crackdown on cracked Cobalt Strike
Extensive automation used to detect and dismantle large-scale threats
How the team used the DMCA creatively to combat cybercrime

Some questions we ask:

Do you encounter any pushback when issuing DMCA notifications?
How do you plan to proceed following the success of this operation?
Can you explain the legal mechanisms behind this take-down?

Resources:

View Jason Lyons on LinkedIn

View Bob Erdman on LinkedIn

View Richard Boscovich on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

The Rise of Ransomware and the Focus on Cobalt Strike

Innovative Legal Approaches to Takedowns

Collaboration and Automation in Cyber Defense

Impacts and Future Directions

In this episode you’ll learn:

Some questions we ask:

Resources:

Related Microsoft Podcasts:

Remember Everything You Learn from Podcasts