CyberWire Daily

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

Jan 1, 2025
In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator, and Bob Erdman, Associate VP at Fortra, dive into the serious issue of cracked Cobalt Strike software, often exploited in ransomware attacks. They reveal innovative uses of DMCA notifications to disrupt cybercrime globally and share insights on the significant decline in active threats due to their collaborative efforts. The conversation also touches on automation's role in detecting threats and enhancing cybersecurity measures.
38:40

Podcast summary created with Snipd AI

Quick takeaways

  • The collaborative effort between Microsoft and Fortra aims to leverage innovative DMCA strategies to significantly disrupt the illegal use of cracked Cobalt Strike software in ransomware attacks.
  • Through extensive automation and data aggregation, the initiative has led to a notable reduction in the visibility and accessibility of cracked Cobalt Strike servers globally.

Deep dives

The Rise of Ransomware and the Focus on Cobalt Strike

The conversation highlights the increasing prevalence of ransomware attacks and the use of cracked Cobalt Strike within these cybercriminal activities. Microsoft initiated an effort in 2021 to better understand and mitigate the ransomware ecosystem's impact on global customers. This included a deep dive into the commonalities among various malware groups and their reliance on cracked versions of Cobalt Strike for lateral movement and data exfiltration. By centralizing their investigative approach, Microsoft aimed to disrupt the distribution and effectiveness of ransomware attacks.
