BlackBerry Shines Spotlight on Evolving Cobalt Strike Threat in New Book
On October 13, 2021, BlackBerry announced the release of its new book, Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence, during the BlackBerry Security Summit. The book focuses on the threats posed by Cobalt Strike, a tool used by state-sponsored APT groups and cybercriminals. It outlines strategies for defending against these threats by utilizing a robust Cyber Threat Intelligence (CTI) lifecycle. BlackBerry emphasizes the growing use of Cobalt Strike in cyberattacks, including recent phishing campaigns. The book will be available in November 2021.
- BlackBerry's new book aims to enhance the cybersecurity community's understanding of threats posed by Cobalt Strike.
- The book outlines a defense framework that may strengthen cybersecurity practices for organizations.
- Cobalt Strike's continued proliferation among cybercriminals raises significant security concerns.
- APT groups, including APT41, using Cobalt Strike for phishing attacks indicates a sophisticated threat landscape.
Nation-state backed APT groups, cyber mercenaries and individual cybercriminals continue to use Cobalt Strike to develop new threats
WATERLOO, ON, Oct. 13, 2021 /PRNewswire/ -- BlackBerry Limited (NYSE: BB; TSX: BB), today, during the BlackBerry Security Summit, announced a new book: Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence, detailing the evolution and prevalence of one of the most pervasive tools used by threat actors today – Cobalt Strike Beacon. The book details ways to protect against malicious Cobalt Strike payloads and outlines how a robust Cyber Threat Intelligence (CTI) lifecycle and extended detection and response (XDR) solution can provide the context needed to stop these threats.
Initially developed as an adversary simulation tool, Cobalt Strike has evolved into one of the most persistent attack methods used by state-sponsored Advanced Persistent Threat (APT) groups and criminal mercenaries alike. The book highlights the current threats facing organizations, provides a defense framework and uncovers links between cyberattacks previously thought to be disparate.
Cobalt Strike is widely used by red teams and has become heavily abused by cybercriminals due to its malleability and accessibility. The software is feature-rich, allowing for the facilitation of many attack methods and remained a favorite of numerous state-sponsored parties. The software has also played a significant role in the proliferation of ransomware seen over the past 18 months.
For businesses and cybercriminals alike, purchasing existing malware and related tools via underground forums can be significantly cheaper than developing in-house technology, making the use of Cobalt Strike ideal as it presents attribution challenges to law enforcement. This challenge can be further complicated when cyber mercenary groups are working at the behest of larger – potentially nation-state – actors.
"Cobalt Strike presents an almost perfect software for cybercriminals, while highlighting a central conundrum of the security sector – that well-built tools can both aid and increase cybercrime," said Eric Milam, VP Research and Intelligence, BlackBerry. "Cobalt Strike is feature-rich, well supported and actively maintained by its developers. Its payload provides a wealth of features for attackers. This makes it an attractive option for APT groups and cybercrime novices alike."
While the increasing proliferation of Cobalt Strike within the criminal underground presents a reason for concern, so does its continued use by sophisticated APT groups. As recently as October 2021, APT41 was witnessed using the software in phishing emails targeting Indian citizens, while Dridex operators have used Cobalt Strike heavily to underpin their recent phishing and malspam campaigns.
"The aim of this book is to aid the security community by sharing our knowledge, presenting the steps we've taken to create an automated system to hunt for Cobalt Strike, and most importantly, demonstrating how to derive meaningful threat intelligence from the resulting dataset. This information can then be used to provide insights, trends and intelligence on threat groups and campaigns," said Billy Ho, Executive Vice President of Product Engineering, BlackBerry.
BlackBerry's Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence will be available in November 2021, and can be preordered at the following website link.
About BlackBerry
BlackBerry (NYSE: BB; TSX: BB) provides intelligent security software and services to enterprises and governments around the world. The company secures more than 500M endpoints including 195M vehicles. Based in Waterloo, Ontario, the company leverages AI and machine learning to deliver innovative solutions in the areas of cybersecurity, safety, and data privacy solutions, and is a leader in the areas of endpoint security, endpoint management, encryption, and embedded systems. BlackBerry's vision is clear - to secure a connected future you can trust.
BlackBerry. Intelligent Security. Everywhere.
For more information, visit BlackBerry.com and follow @BlackBerry.
Trademarks, including but not limited to BLACKBERRY and EMBLEM Design are the trademarks or registered trademarks of BlackBerry Limited, and the exclusive rights to such trademarks are expressly reserved. All other trademarks are the property of their respective owners. BlackBerry is not responsible for any third-party products or services.
Media Contacts:
BlackBerry Media Relations
+1 (519) 597-7273
mediarelations@BlackBerry.com
View original content to download multimedia:https://www.prnewswire.com/news-releases/blackberry-shines-spotlight-on-evolving-cobalt-strike-threat-in-new-book-301399428.html
SOURCE BlackBerry Limited
FAQ
What is BlackBerry's new book about?
When will BlackBerry's book on cyber threat intelligence be available?
How does Cobalt Strike relate to cybercrime?
What recent activities involve Cobalt Strike?
What is the significance of BlackBerry's message about Cobalt Strike?
