Jan 2025
38m 40s

Disrupting Cracked Cobalt Strike [The Mi...

N2K Networks
About this episode

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025!


On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks. To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group expresses optimism about applying these successful techniques to other areas, such as phishing kits, and highlights ongoing efforts to make Cobalt Strike harder to abuse.

In this episode you'll learn:

  • How the crackdown on cracked Cobalt Strike affects detection engineers
  • How extensive automation is used to detect and dismantle large-scale threats
  • How the team used the DMCA creatively to combat cybercrime

Some questions we ask:

  • Do you encounter any pushback when issuing DMCA notifications?
  • How do you plan to proceed following the success of this operation?
  • Can you explain the legal mechanisms behind this take-down?

Resources:

View Jason Lyons on LinkedIn

View Bob Erdman on LinkedIn

View Richard Boscovich on LinkedIn

View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.
