Microsoft Takes the Lead in Global Crackdown Against Cobalt Strike, Safeguarding Healthcare from Ransomware Attacks

The healthcare industry has been a primary target for cybercriminals, especially during the COVID-19 pandemic. The rise of ransomware attacks has put the lives of patients at risk and caused significant financial losses for healthcare organizations. In response, Microsoft has taken the lead in a global crackdown against Cobalt Strike, a tool widely used by hackers to launch ransomware attacks. This move by Microsoft is a significant step towards safeguarding the healthcare industry and protecting patients' data from cyber threats. In this article, we will explore the impact of ransomware attacks on healthcare organizations and how Microsoft's initiative can help mitigate the risks.

Executive Summary

Microsoft, the Health Information Sharing and Analysis Center (Health-ISAC) and other partners have announced a widespread technical and legal crackdown against servers hosting “cracked” copies of Cobalt Strike, a tool commonly deployed by cyber criminals to distribute malware, including ransomware.

The primary goal is to prevent hackers from continuing to use Cobalt Strike in ransomware attacks that target hospitals and healthcare groups. Ransomware attackers using cracked copies of Cobalt Strike have been linked to 68 hits on healthcare organizations in at least 19 countries. These attacks have disrupted critical patient care services and exacted unnecessary financial tolls on the affected organizations.

Cobalt Strike Crackdown Explained

The attacks have affected turnaround times for diagnostic, imaging and laboratory results. They have also led to canceled medical procedures and delays in the delivery of chemotherapy treatments. In the long run, these types of cyber attacks harm hospitals and patients alike, and can increase mortality rates.

More Critical Information

On Friday March 31st, the U.S. District Court for the Eastern District of New York issued a court order permitting Microsoft and a partner organization to seize the domain names and to remove the IP addresses of servers hosting cracked versions of Cobalt Strike.

The malicious infrastructure will be removed from the internet with the help of relevant computer emergency readiness teams (CERTs) and internet service providers. Takedowns have already begun.

“Disrupting cracked legal copies of Cobalt Strike will significantly hinder the monetization of these illegal copies and slow their use in cyber attacks, forcing criminals to re-evaluate and change their tactics,” stated Amy Hogan-Burney, head of Microsoft’s Digital Crimes Unit (DCU).

How It Happened

Previously known as Help Systems, Fortra released Cobalt Strike in 2012. The product was designed as a legitimate commercial pen testing tool for red teams, who would use it to scan infrastructure for vulnerabilities.

While the developer carefully screens customers and only provides licenses for lawful use, over time, malicious persons have obtained and distributed cracked versions of the software. In turn, Cobalt Strike has become a frequently used tool in ransomware and data theft-related cyber attacks.

Malicious Infrastructure

Microsoft has found malicious infrastructure hosting Cobalt Strike in every region of the globe, from China to the United States to Russia. While the exact identities of the criminals behind the operations remain unknown, two infamous Russian-speaking ransomware gangs, Conti and LockBit, are believed to be involved.

Microsoft has also observed several state-backed cyber attack groups using Cobalt Strike versions while serving the interests of foreign governments. The legal crackdown follows Google Cloud’s identification of 34 different hacked versions of the Cobalt Strike tool in the wild.

Microsoft Takes on ‘Sinkholing’ and More

In order to help prevent future related cyber attacks, Microsoft says that it is going to pursue ‘sinkholing,’ meaning that it will redirect traffic for certain malicious domains to Microsoft so that the company can identify the victims whose machines are still contacting them.

Microsoft has previously used civil court orders to seize domains and IP addresses associated with specific malware, but the recent court order represents the first time Redmond has attempted to take down a malicious hacking tool on such a massive scale.

In planning for tomorrow, Microsoft has already begun digging into the hacking tools that cyber criminals may turn to once Cobalt Strike becomes a non-option.

“…We are going to seek a permanent injunction because we believe this activity will continue…They [cyber criminals] will look to move hosting [sites] for the cracked versions of Cobalt Strike because it is an effective tool for them. And we will continue to chase them,” stated Hogan-Burney.

Conclusion

For more ransomware insights, please see CyberTalk.org’s past coverage. Lastly, to receive more cutting-edge cyber security news, best practices and analyses, please sign up for the CyberTalk.org newsletter.

https://www.techguruhub.net/microsoft-takes-the-lead-in-global-crackdown-against-cobalt-strike-safeguarding-healthcare-from-ransomware-attacks/?feed_id=171384&_unique_id=64a1bc86c826a
