Cobalt Strike Abuse Dropped 80% in Two Years

Summary: Abuse of Cobalt Strike, a post-exploitation tool, has dropped by 80% due to collaborative efforts between Fortra and partners like Microsoft and Health-ISAC. Key actions included legal and technical measures that resulted in the takedown of numerous malicious servers and reduced the average detection-to-takedown time for such threats. Ongoing efforts focus on monitoring and improving security measures to further protect legitimate users and prevent unauthorized copies.

Affected: Cobalt Strike users and cybercrime victims

Key points:

  • Collaboration between Fortra, Microsoft, and Health-ISAC has led to a significant reduction in the illegal use of Cobalt Strike.
  • Nearly 600 Cobalt Strike servers were dismantled by Europol in July 2024, contributing to an 80% drop in unauthorized copies.
  • The average dwell time between detection and takedown of malicious activity is now less than one week in the U.S. and under two weeks globally.
  • Fortra continues to enhance security controls and automation processes to prevent further abuses and protect legitimate users.

Source: https://www.securityweek.com/cobalt-strike-abuse-dropped-80-in-two-years/