Connect with us

ZDNET

This is how the Cobalt Strike penetration testing tool is being abused by cybercriminals

Published

on

New research shows how Cobalt Strike is being weaponized in campaigns deploying malware ranging from the Trickbot banking Trojan to Bazar.

On Wednesday, Intel 471 published a report exploring the abuse of Cobalt Strike, a commercial penetration testing tool released in 2012 which can be used to deploy beacons on systems to simulate attacks and test network defenses.

In January, security analysts said that Cobalt Strike, alongside the Metasploit framework, was used to host over 25% of all malicious command-and-control (C2) servers deployed in 2020.

The popular penetration testing kit, of which source code for version 4.0 was allegedly leaked online in 2020, has been abused by threat actors for years and has become a go-to tool for advanced persistent threat (APT) groups including Carbanak and Cozy Bear.

According to Fox-IT, thousands of instances of Cobalt Strike abuse have been recorded, but most threat actors will use legacy, pirate, or cracked copies of the software.

“Cobalt Strike has become a very common second-stage payload for many malware campaigns across many malware families,” Intel 471 notes. “Access to this powerful and highly flexible tool has been limited by the product’s developers, but leaked versions have long spread across the internet.”

The researchers say that the existing abuse of Cobalt Strike has been linked to campaigns ranging from ransomware deployment to surveillance and data exfiltration, but as the tool allows users to create malleable C2 architectures, it can be complicated to trace C2 owners.

However, the team has conducted an investigation into the use of Cobalt Strike in post-exploitation activities.

Trickbot was chosen as a starting point. Trickbot banking Trojan operators have dropped Cobalt Strike in attacks dating back to 2019 — alongside Meterpreter and PowerShell Empire — as well as in attacks traced by Walmart Global Tech and SentinelLabs.

The Hancitor group (MAN1/Moskalvzapoe/TA511), has also now begun using Cobalt Strike. Once linked to the deployment of the Gozi Trojan and Evil Pony information stealer, as noted by Palo Alto Networks, recent infections have shown that these tools have been replaced with Cobalt Strike. During post-exploit activities, Hancitor will then deploy either a Remote Access Trojan (RAT), information stealers, or, in some cases, spambot malware.

“The group setting up the Cobalt Strike team servers related to Hancitor prefer to host their CS beacons on hosts without a domain,” Intel 471 says. “The CS beacons will call home to the same set of IPs. Stagers are downloaded from infrastructure set up via Yalishanda bulletproof hosting service. It’s important to note that Hancitor only drops Cobalt Strike on machines that are connected to a Windows domain. When this condition isn’t met, Hancitor may drop SendSafe (a spambot), the Onliner IMAP checker, or the Ficker information stealer.”

The researchers also explore the use of Cobalt Strike by threat actors distributing the Qbot/Qakbot banking Trojan, of which one of the plugins — plugin_cobalt_power3 — enables the pen testing tool.

“The configuration extracted from the Qbot-related Cobalt Strike beacon doesn’t show any links to any other groups that we are aware of,” the report states. “When comparing this activity to samples reported by other researchers, we observed different public Malleable-C2 profiles used, but commonalities in hosting infrastructure.”

Operators of SystemBC malware variants, as reported by Proofpoint, utilizes SOCKS5 proxies to mask network traffic and have been included as a payload in both RIG and Fallout exploit kits. According to Intel 471, ransomware operators have also adopted SystemBC, which has dropped Cobalt Strike during campaigns across 2020 and early 2021. However, the team has not attributed these recent campaigns to specific, known threat actors.

Also of note, in early 2021, Bazar campaigns were recorded as sending and distributing Cobalt Strike rather than typical Bazar loaders used by the threat actors in the past.

“Cobalt Strike is a powerful tool that’s being leveraged by people that shouldn’t be leveraging it at all: a growing number of cybercriminals,” the researchers say. “That said, not all deployments of Cobalt Strike are the same. Some deployments demonstrate bad operational security by re-using infrastructure and not changing their malleable-C2 profiles. Additionally, some operators drop Cobalt Strike on many infected systems, while others will only deploy the tool very selectively.”

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/this-is-how-the-cobalt-strike-penetration-testing-tool-is-being-abused-by-cybercriminals/#ftag=RSSbaffb68

ZDNET

Stop calling DevOps teams ‘DevOps teams’

Published

on

The authors of Puppet’s latest industry-wide DevOps survey have a bit of advice for DevOps proponents: stop calling it “DevOps.” It’s only creating confusion. And don’t even get started on DevSecOps. They also bring another interesting tidbit of news: a well-designed IT architecture can help resolve corporate cultural issues.

That’s the word from Puppet’s 2021 State of DevOps Report, which includes the experiences of 2,650 IT, development, and information security professionals. It’s not that DevOps is slipping in popularity — 83% are implementing DevOps, and many are seeing benefits including more rapid delivery of quality software. 

Also: What is low-code and no-code? A guide to development platforms

“We strongly believe that the presence of ‘DevOps teams’ is confusing for the industry and many organizations, and in most cases doesn’t help organizations evolve,” the survey report’s authors, led by Nigel Kersten, CTO of Puppet, and Kate McCarthy, principal at ClearPath Strategies, state. “In our experience, organizations that have less ambiguous team names, with more clearly defined responsibilities, are far more likely to have a higher performing IT function.” 

DevOps functions are typically charged with a range of responsibilities, including the following identified through survey respondents’ self-descriptions of their teams:

  • Traditional infrastructure & operations
  • System administration
  • End-to-end product responsibilities
  • Supporting development teams with a combination of release automation, deployment pipelines, and tooling
  • Building the awkward things that application developers don’t want or need to care about: infrastructure, container fabrics, monitoring, and metrics.
  • Encouraging and enabling DevOps practices across an organization

“Lack of clarity around team identities creates significant organizational friction, impeding software delivery in a variety of ways,” Kersten and McCarthy advise. “We suggest that organizations move away from the use of ‘DevOps’ teams towards clearer team names, and in particular that the use of stream-aligned and platform teams is a well-defined path to achieving DevOps success at scale.” 

In other words, DevOps may be the mechanism by which teams goals are accomplished, but is not a goal in itself. And security should be built into these efforts from the start — not a separate “DevSecOps” effort.  

The Puppet team also looked at a smaller segment, what they call “highly evolved firms” that have seen greater success with DevOps approaches, to track what they are doing differently from their lagging peers. For starters, they take a platform approach, “enabling developers to access authentication (62%), container orchestration (60%), and service-to-service authentication (53%), tracing and observability (49%), and logging request (47%) services via self-service.” This was accomplished “by understanding their internal customers and offering a curated set of technologies for infrastructure and for development capabilities on their platform.”

Teams also look different in highly evolved firms, the Puppet team observes. They employ “a combination of stream-aligned teams and platform teams as the most effective way to manage team cognitive load at scale, and they have a small number of team types whose role and responsibilities are clearly understood by their adjacent teams.” Tellingly, 91% of highly evolved teams report a clear understanding of their responsibilities to other teams, compared to only 46% of low-evolution teams. In addition, 89% of highly evolved teams report members of their own team have clear roles, plans, and goals for their work, compared to just 46% of low-evolution teams.

Highly evolved teams worry less about corporate cultural issues that tend to hamstring DevOps efforts. It’s not that they’re less concerned about culture. Rather, they’ve created a technology stack that enables workflows and information to scale and move quickly to where it is needed. They moved to an approach that “leverages significant automation and invested in internal platforms,” Kersten and McCarthy state. In short, for highly evolved firms, culture is no longer a barrier.

For example, the survey shows, 84% of highly evolved firms can elastically provision and release capabilities — in some cases automatically — to scale rapidly outward and inward commensurate with demand. Only 17% of low-evolution firms can scale elastically, the survey reports. Similarly, developers at 79% of highly evolved firms can provision computing capabilities, such as server time and network storage, as needed automatically — versus only 16% of firms at the lowest level of DevOps evolution.  

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://www.zdnet.com/article/stop-calling-devops-teams-devops-teams/#ftag=RSSbaffb68

Continue Reading

ZDNET

Tech jobs have an image problem, and it’s making the skills shortage worse

Published

on

young-woman-employee-working-desk-office-laughing.jpg

Getting more young people interested in technology is crucial to bridging the skills gap.

Image: Thomas Barwick/Getty

Tech has an image problem. Not only does the industry suffer from a chronic shortage of older workers, but educators and employees are failing to sell tech as an exciting – or even feasible – option for young people.

Right now, young people – particularly Gen Z – typically do not see professions in data or computer science as particularly glamorous. A report by analytics provider Exasol in June found that less than half (49%) viewed data science as a viable career option, a conclusion largely blamed on employers, educators and the wider technology industry doing a poor job at making it sound like a field worth pursuing.

Compounding the issue is the fact that data science is steeped in technical jargon – terms like “data literacy” and “algorithm” are unlikely to get anyone excited, let alone a generation that has grown up on a diet of smartphones and disposable media. If you can’t explain the building blocks of tech in terms that appeal to the aspirations of a 21-year-old, you can hardly expect their eyes to light up in wonderment at the notion of growing up to become a database administrator or machine-learning engineer.

SEE: Need developers? Solving the tech skills shortage means looking beyond hiring

The problem runs deeper than just semantics: in schools, there is evidence that technology is still being prioritised beneath traditional subjects like maths and science, despite the fact that technology is rapidly permeating every corner of industry – education included.

According to a recent survey of 1,000 16-24-year-olds in the UK by Accenture, only 24% feel confident that they’ll be able to secure a career in technology in the future – even though 42% of young people acknowledge there will be more tech jobs available because of COVID-19. What does this say about the way we are positioning technology as an achievable career prospect to those the industry needs most?

Even worse: Accenture found that, while more young women than men reported having good digital skills (44% vs 40%), they were less confident they could secure a job in tech compared to their male counterparts (20% vs 29%).

“If the digital native generation is not turning to technology as a career option, then we have a huge pipeline problem for the technology profession,” notes Shaheen Sayed, Accenture’s technology lead for UK & Ireland.

“Young people know technology is completely redefining the world right now – but their lack of confidence in securing a tech job indicates a worrying disconnect between young people, particularly girls, and a changing jobs market.”

Outside of rethinking curriculums and qualifications, which could take time to bring about meaningful change, new approaches in ways of working could help extend the appeal of tech jobs to young workers in the near term.

The pandemic has provided a catalyst for this change. Following more than a year of remote working becoming the default for many desk-based workers, the tech world shows signs of shifting, placing greater importance on a work-life balance and blending the benefits of working in the office and at home.

Gen Z seems particularly keen on the notion of this hybrid-style working. A survey of 1,000 21-24-year-olds by tech company Kettle found that 65% said hybrid working was important to their decision when considering an employer, with nearly 70% saying they’d pick an employer who offered hybrid work over one that did not. Meanwhile, almost half (47%) said they would leave their job if their employer didn’t offer hybrid or remote work options.

SEE: Tech workers are preparing to quit. Persuading them to stay won’t be easy

It’s difficult to say how much of this is the bravado of youth, but there’s no arguing that businesses, schools and academic institutions all have an important part to play in filling the digital skills gap, by keeping the supply of young people in tech flowing. The digital skills crisis will continue to get worse as digital transformation expands throughout industries and business sectors, and currently we’re not doing enough to make the field attractive, understandable or enticing to the generation that will determine its future.

It’s easy to roll your eyes at the notion that employers and educations need to ‘get with the times’ when it comes to selling technology as a career choice, but the responsibility of getting young people interested in tech ultimately falls upon the shoulders of those with the influence to do so. Technology moves fast, so it only makes sense that the language and culture around it moves just as quickly.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.

Click here to access.

Source: https://www.zdnet.com/article/tech-jobs-have-an-image-problem-and-its-making-the-skills-shortage-worse/#ftag=RSSbaffb68

Continue Reading

ZDNET

Microsoft: Zero Trust security just hit the mainstream

Published

on

Zero Trust, the borderless security strategy being pushed by vendors, has fully caught on in the enterprise, according to Microsoft’s latest survey of cybersecurity defenders. 

Microsoft, IBM, Google, AWS, Cisco and others in the cybersecurity industry have been banging the ‘zero trust’ drum for the past few years. 

The case for zero trust was made clearer after this year’s software supply chain attacks on US tech firms, which came amid a mass shift to remote work that demonstrated the need to protect information inside and beyond a trusted environment in a world that spans BYOD, home networks, VPNs, cloud services and more.

As Microsoft has argued, part of zero trust is assuming the corporate network has already been breached, either by hackers targeting that network through phishing or malware, or via an employee’s compromised home device connecting to the network.

The message has gotten through to organizations. Microsoft’s survey of 1,200 security decision makers over the past year found that 96% of consider Zero Trust to be critical to their organization. 

Zero trust will also soon be compulsory for federal agencies, helping standardize the concept in the broader market. US president Joe Biden’s cybersecurity executive order in May mandated agencies move to zero-trust as-a-service architectures and enable two-factor authentication (2FA) within 180 days. 

The Commerce Department’s NIST followed up last week by calling on 18 of the US’s biggest cybersecurity vendors to demonstrate how they would implement a zero trust architecture.    

Microsoft found that 76 percent or organizations are in the process of implementing a Zero Trust architecture — up six percent from last year.

“The shift to hybrid work, accelerated by COVID-19, is also driving the move towards broader adoption of Zero Trust with 81 percent of organizations having already begun the move toward a hybrid workplace,” writes Vasu Jakkal, Microsoft corporate vice president of security, compliance and identity.

“Zero Trust will be critical to help maintain security amid the IT complexity that comes with hybrid work.”

The top reasons for adopting Zero Trust included increased security and compliance agility, speed of threat detection and remediation, and simplicity and availability of security analytics, according to Jakkal. 

It’s all about confirming everything is secure, across identity, endpoints, the network, and other resources using signals and data.

Biden this week highlighted the real-world stakes at play with recent ransomware and supply chain attacks on critical infrastructure, telling the US intelligence community that a major hack would likely be the reason the US enters “a real shooting war with a major power”. The US president yesterday signed a memorandum addressing cybersecurity for critical infrastructure, ordering CISA and NIST to create benchmarks for organizations managing critical infrastructure.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/microsoft-zero-trust-security-just-hit-the-mainstream/#ftag=RSSbaffb68

Continue Reading

ZDNET

Apple broke bad news to iPhone fans

Published

on

We’ve known this was a problem.

I expected that if there was any time when Apple top brass would mention it, it would be during the earnings call.

And that’s when it happened.

Apple, like most other tech firms, is feeling the pinch due to component shortages.

A word that came up a lot during the call was “constraints.” It was up to Apple CFO Luca Maestri to break the bad news.

“… we expect supply constraints during the September quarter to be greater than what we experienced during the June quarter. The constraints will primarily impact iPhone and iPad.”

Must read: Don’t buy these Apple products: July 2021 edition

Normally, I’d put this down to scarcity marketing — “get in there quick with your iPhone orders, because otherwise you’ll miss out and the cool kids will laugh at you” sort of thing — but these supply constraints are real and is affecting almost every company that is involved in making things.

CEO Tim Cook went on to fill in some more details about the constraints.

“The majority of constraints we’re seeing are of the variety that I think others are saying that are I would classify as industry shortage. We do have some shortages, in addition to that, that are where the demand has been so great and so beyond our own expectation that it’s difficult to get the entire set of parts within the lead times that we try to get those. So it’s a little bit of that as well.”

A little bit of this, a little bit of that.

On the whole, Apple does like to underpromise and overdeliver, especially where Wall Street is concerned, so it doesn’t surprise me that there’s this air of caution.

It makes sense.

The landscape is changing rapidly.

But I think that it’s interesting and somewhat telling that Apple was willing to make such a statement, a statement that caused stocks to fall as a result.

This statement was not made lightly.

If you’re someone who likes getting a new iPhone as soon as they’re out, you might have to work a little harder this year.

PlatoAi. Web3 Reimagined. Data Intelligence Amplified.
Click here to access.

Source: https://www.zdnet.com/article/apple-broke-bad-news-to-iphone-fans/#ftag=RSSbaffb68

Continue Reading
Esports5 days ago

NBA 2K22 MyCareer: How to Get a Shoe Deal

Crowdfunding2 days ago

Conister Bank Lends More to Time Finance

Esports4 days ago

How to craft a weapon in Fortnite Chapter 2, season 8

Oceania
Esports5 days ago

lol123 scrape by Rooster to claim final IEM Fall Oceania Closed Qualifier spot

Esports4 days ago

How to complete a Sideways Encounter in Fortnite

Aerospace5 days ago

Potential component defect to delay next Virgin Galactic flight

Esports3 days ago

NBA 2K22 Lightning Green Animation: How to Claim

Esports5 days ago

Na’Vi win ESL Pro League Season 14 in five-map thriller against Vitality to complete $1 million Intel Grand Slam

Ukraine
Esports5 days ago

s1mple claims third consecutive MVP in EPL victory

Esports5 days ago

The best dunkers in NBA 2K22

Aerospace4 days ago

Photos: SpaceX rocket arrives on launch pad for Inspiration4 mission

HRTech4 days ago

Amazon launches educational benefits for frontline staff

Esports5 days ago

AVE and Trasko emerge victorious from CIS IEM Fall open qualifier

Big Data5 days ago

China to break up Ant’s Alipay and force creation of separate loans app – FT

HRTech4 days ago

How Crompton is using the ‘Power of Language’ to create a high-engagement culture

Esports4 days ago

Imperial round out IEM Fall SA closed qualifier team list

Cleantech5 days ago

Bringing Solar & Tesla Batteries To Restaurants In New Orleans To “Stay Lit,” And How You Can Help

HRTech4 days ago

Competing with Self

Esports5 days ago

All Maps in Battlefield 2042

Cleantech5 days ago

Is A Tesla Model S Plaid Fully Submersible? (VIDEO)

Trending

Copyright © 2020 Plato Technologies Inc.