Disrupting Cracked Cobalt Strike

On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks.  To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.   

In this episode you’ll learn:      

• The impact on detection engineers due to the crackdown on cracked Cobalt Strike 
• Extensive automation used to detect and dismantle large-scale threats 
• How the team used the DMCA creatively to combat cybercrime 

Some questions we ask:     

•  Do you encounter any pushback when issuing DMCA notifications? 
•  How do you plan to proceed following the success of this operation? 
•  Can you explain the legal mechanisms behind this take-down? 

Resources:  

View Jason Lyons on LinkedIn 

View Bob Erdman on LinkedIn   

View Richard Boscovich on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider 

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.