US software firm Fortra said it has "seized and sinkholed" more than 200 malicious domains and has prevented further exploitation of its Cobalt Strike penetration testing tool by threat actors, working in partnership with Microsoft's Digital Crimes Unit and the Health Information Sharing and Analysis Center.
Why it matters
Proper privileged access management and configuration can prevent cybercriminals from abusing tools like Cobalt Strike, but getting unauthorized copies of the powerful attack tool used by security professionals out of their hands is beginning to show results, according to a new Cobalt Strike blog by Fortra's Bob Erdman, associate vice president of research and development, and Peter Ceelen, product owner.
Microsoft joined Fortra and H-ISAC in April 2023 to take technical and legal action against ransomware groups that were using illegal legacy copies of Fortra's threat simulation tool and compromised Microsoft software to attack healthcare organizations.
Ahead of the second anniversary of its partnership with Microsoft's DCU and H-ISAC, Erdman and Ceelen said the number of unauthorized copies of Cobalt Strike observed in the wild has declined by 80%.
It's a drastic reduction in what is loose in the wild and available to cybercriminals to abuse in their attacks on healthcare and other organizations.
"This reduction has had a tangible impact, with these tools now being abused far less," they said. "Additionally, the average dwell time – the period between initial detection and takedown – has been reduced to less than one week in the United States and less than two weeks worldwide."
Fortra said it also supported a three-year international cyber investigation into ransomware attacks on healthcare organizations.
As part of that effort to take down known IP addresses and domain names associated with criminal activity, the company said 690 IP addresses across 27 countries were flagged as targets for disabling unauthorized versions of its threat simulation tool. Erdman and Ceelen said 593 of these addresses were taken down.
The campaign to combat the malicious use of unauthorized copies continues to evolve, they noted in the blog.
The larger trend
Whether it's Conti ransomware, the Rhysida group or other cyberattack organizations, the exploitation of legitimate cybersecurity tools used by healthcare organizations can be minimized by following privileged access management policies under the National Institute of Standards and Technology and adopting zero trust principles.
"Conti weaponizes Word documents with embedded PowerShell scripts, initially staging Cobalt Strike via the Word documents and then dropping Emotet on the network, giving the actor access to deploy ransomware," the Federal Bureau of Investigation said in a 2021 alert.
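The chain the FBI describes starts with an Office document launching PowerShell, which is something a defender can watch for directly in process-creation telemetry. The following is an added example, not code from the article, Fortra or the FBI alert: it reads constructed process-creation events (a tab-separated format assumed for this example, not any vendor's real log schema), flags an Office application spawning a shell or script host, and raises the severity when the command line carries switches commonly used to hide or encode a PowerShell payload. The process and switch lists are assumptions chosen for illustration.

```python
"""Added example: detect an Office application spawning PowerShell or another
script host, the first stage of the Conti chain quoted above.

Event format (constructed for this example, not a real vendor schema):
    timestamp <TAB> host <TAB> parent_image <TAB> image <TAB> command_line
"""
import shlex
from dataclasses import dataclass
from typing import Iterable, List, Optional, Set

# Parent processes that should rarely launch a shell (assumption for this example).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# Children worth alerting on when spawned by an Office parent (assumption).
SHELL_CHILDREN = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "mshta.exe"}
# PowerShell switches (and their documented abbreviations) that hide a window,
# skip the profile, bypass execution policy or pass an encoded command.
SUSPICIOUS_SWITCHES = {
    "-enc", "-encodedcommand", "-e", "-ec",
    "-nop", "-noprofile",
    "-w", "-windowstyle",
    "-ep", "-executionpolicy",
}


@dataclass
class Alert:
    host: str
    parent: str
    child: str
    severity: str  # "high" when suspicious switches are present, else "medium"


def _basename(path: str) -> str:
    """Return the lower-cased file name from a Windows or POSIX path."""
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def _switches(cmdline: str) -> Set[str]:
    """Collect lower-cased '-' / '/' switches from a command line."""
    try:
        tokens = shlex.split(cmdline, posix=False)
    except ValueError:  # unbalanced quotes: fall back to whitespace split
        tokens = cmdline.split()
    return {t.lower() for t in tokens if t.startswith(("-", "/"))}


def check_event(line: str) -> Optional[Alert]:
    """Return an Alert for an Office-parent -> shell-child event, else None."""
    parts = line.rstrip("\n").split("\t", 4)
    if len(parts) != 5:
        return None  # malformed line: ignore rather than crash the scan
    _ts, host, parent_image, image, cmdline = parts
    parent, child = _basename(parent_image), _basename(image)
    if parent not in OFFICE_PARENTS or child not in SHELL_CHILDREN:
        return None
    severity = "high" if _switches(cmdline) & SUSPICIOUS_SWITCHES else "medium"
    return Alert(host=host, parent=parent, child=child, severity=severity)


def scan(lines: Iterable[str]) -> List[Alert]:
    """Run check_event over every line and keep the alerts."""
    return [a for a in (check_event(line) for line in lines) if a is not None]


# Constructed sample events; the base64 argument is a placeholder, not a real payload.
SAMPLE_EVENTS = [
    "\t".join(["2025-01-15T10:02:11Z", "host-a",
               "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
               "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
               "powershell.exe -nop -w hidden -enc UExBQ0VIT0xERVI="]),
    "\t".join(["2025-01-15T10:05:40Z", "host-b",
               "C:\\Program Files\\Microsoft Office\\root\\Office16\\EXCEL.EXE",
               "C:\\Windows\\System32\\cmd.exe",
               "cmd.exe /c echo hello"]),
    "\t".join(["2025-01-15T10:07:02Z", "host-c",
               "C:\\Windows\\explorer.exe",
               "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
               "powershell.exe Get-Process"]),
    "\t".join(["2025-01-15T10:09:15Z", "host-a",
               "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE",
               "C:\\Windows\\splwow64.exe",
               "splwow64.exe 8192"]),
    "not a real event",
]

if __name__ == "__main__":
    for alert in scan(SAMPLE_EVENTS):
        print(f"[{alert.severity}] {alert.host}: {alert.parent} -> {alert.child}")
```

Only the first two events trigger: the Word-to-PowerShell launch with hidden window and encoded command is rated high, the Excel-to-cmd launch medium, while PowerShell started from Explorer and Word's printer helper process are ignored. In a real deployment the same logic would sit on Sysmon event 1 or EDR process-creation data, and the parent/child lists would be tuned to the organisation's own baseline.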
On the record
"Collaboration is essential in advancing cybersecurity overall," Erdman and Ceelen said in the blog. "This not only strengthens the collective defense against cybercriminals, but also ensures that legitimate security tools can continue to be used responsibly and effectively to protect organizations worldwide."
Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS Media publication.