Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 1 January 2025

⏱️ 37 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025! On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse. In this episode you’ll learn: The impact on detection engineers due to the crackdown on cracked Cobalt Strike Extensive automation used to detect and dismantle large-scale threats How the team used the DMCA creatively to combat cybercrime Some questions we ask: Do you encounter any pushback when issuing DMCA notifications? How do you plan to proceed following the success of this operation? Can you explain the legal mechanisms behind this take-down? Resources: View Jason Lyons on LinkedIn View Bob Erdman on LinkedIn View Richard Boscovich on LinkedIn View Sherrod DeGrippo on LinkedIn Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson The BlueHat Podcast Uncovering Hidden Risks Discover and follow other Microsoft podcasts at microsoft.com/podcasts Get the latest threat intelligence insights and guidance at Microsoft Security Insider The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	Welcome to the Microsoft Threat Intelligence podcast.
0:08.0	I'm Sherrod Grippo.
0:10.0	Ever wanted to step into the shadowy realm of digital espionage?
0:13.0	Cybercrime, social engineering, fraud.
0:16.0	Well, each week, dive deep with us into the underground.
0:19.0	Come here for Microsoft's elite threat intelligence researchers.
0:23.6	Join us as we decode mysteries, expose hidden adversaries,
0:27.6	and shape the future of cybersecurity.
0:30.6	It might get a little weird.
0:33.6	But don't worry, I'm your guide to the back alleys of the threat landscape.
0:47.3	The effort to not cracked Cobalt strike offline began in 2021 when DCU, an eclectic global group of cybercrime fighters, wanted to make a bigger dent on the rise in ransomware attacks.
0:52.2	Previous operations had targeted individual botnets like Trickbot and Neckers separately.
0:57.3	But ransomware investigator Jason Lyons proposed a major operation,
1:01.3	targeting many malware groups and focused on what they had in common.
1:05.9	Their use of cracked, legacy, cobalt strike.
1:10.2	Welcome to the Microsoft Threat Intelligence Podcast, and oh boy, we're talking Cracked Cobalt Strike Take Down, and I am joined by my guests, Richard Boscovich, also known as Bosco, Assistant General Counsel at Microsoft, Jason Lyons, principal investigator with the DCU at Microsoft,
1:29.8	and Bob Erdman, Associate VP Research and Development at Fortra. Thank you for joining me.
1:36.6	Thanks for having us. Thank you.
1:38.4	There's a lot of really interesting articles written about the Cobalt Strike Take Down.
1:43.3	And it happened about a year ago.
1:45.6	So I think, Jason, since you're sort of the lead and the technical aspect of the start of this,
1:52.2	can you kind of walk me through what happened here and why Microsoft chose to partner with
	...

Transcript will be available on the free plan in -44 days. Upgrade to see the full transcript now.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.