BlackBerry Limited (NYSE: BB; TSX: BB) has announced the launch of a new book: Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence, detailing the evolution and prevalence of one of the most pervasive tools used by threat actors today – Cobalt Strike Beacon.
The book details ways to protect against malicious Cobalt Strike payloads and outlines how a robust Cyber Threat Intelligence (CTI) lifecycle and extended detection and response (XDR) solution can provide the context needed to stop these threats.
Initially developed as an adversary simulation tool, Cobalt Strike has evolved into one of the most persistent attack methods used by state-sponsored Advanced Persistent Threat (APT) groups and criminal mercenaries alike. The book highlights the current threats facing organizations, provides a defense framework and uncovers links between cyberattacks previously thought to be disparate.
Cobalt Strike is widely used by red teams and has become heavily abused by cybercriminals due to its malleability and accessibility. The software is feature-rich, allowing for the facilitation of many attack methods and remained a favorite of numerous state-sponsored parties. The software has also played a significant role in the proliferation of ransomware seen over the past 18 months.
For businesses and cybercriminals alike, purchasing existing malware and related tools via underground forums can be significantly cheaper than developing in-house technology, making the use of Cobalt Strike ideal as it presents attribution challenges to law enforcement. This challenge can be further complicated when cyber mercenary groups are working at the behest of larger – potentially nation-state – actors.
“Cobalt Strike presents an almost perfect software for cybercriminals, while highlighting a central conundrum of the security sector – that well-built tools can both aid and increase cybercrime,” said Eric Milam, VP Research and Intelligence, BlackBerry. “Cobalt Strike is feature-rich, well supported and actively maintained by its developers. Its payload provides a wealth of features for attackers. This makes it an attractive option for APT groups and cybercrime novices alike.”
While the increasing proliferation of Cobalt Strike within the criminal underground presents a reason for concern, so does its continued use by sophisticated APT groups. As recently as October 2021, APT41 was witnessed using the software in phishing emails targeting Indian citizens, while Dridex operators have used Cobalt Strike heavily to underpin their recent phishing and malspam campaigns.
“The aim of this book is to aid the security community by sharing our knowledge, presenting the steps we’ve taken to create an automated system to hunt for Cobalt Strike, and most importantly, demonstrating how to derive meaningful threat intelligence from the resulting dataset. This information can then be used to provide insights, trends and intelligence on threat groups and campaigns,” said Billy Ho, Executive Vice President of Product Engineering, BlackBerry.
BlackBerry’s Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence will be available in November 2021, and can be preordered at the following website link