Fortra Seizes and Sinkholes Malicious Domains to Prevent Cyber Attacks
U.S. software firm Fortra has announced that it has successfully ‘seized and sinkholed’ over 200 malicious domains, preventing further exploitation of its Cobalt Strike penetration testing tool by cyber threat actors. This achievement was made possible through a strategic partnership with Microsoft’s Digital Crimes Unit and the Health Information Sharing and Analysis Center (H-ISAC).
Addressing the Issue
Insufficient privileged access management and improper configurations can leave organizations vulnerable to cyber attacks. By taking unauthorized copies of tools like Cobalt Strike out of the hands of cybercriminals, Fortra is making significant strides in enhancing cybersecurity measures. According to a recent blog post by Fortra’s Bob Erdman and Peter Ceelen, the number of unauthorized copies of Cobalt Strike in circulation has decreased by 80%, showing tangible results in the fight against cyber threats.
Microsoft, Fortra, and H-ISAC collaborated to take legal and technical action against ransomware groups utilizing illegal versions of Cobalt Strike and compromised Microsoft software to target healthcare organizations. This joint effort has led to a substantial reduction in the availability of unauthorized copies of the threat simulation tool, making it harder for cybercriminals to carry out attacks.
Impact of the Initiative
The efforts to combat the malicious use of unauthorized Cobalt Strike copies have had a significant impact. Dwell times, meaning the duration between initial detection of malicious activity and its takedown, have been reduced to less than a week in the U.S. and less than two weeks globally. This swift response time is crucial in limiting the damage caused by cyber threats.
Fortra also played a key role in Operation MORPHEUS, an international cyber investigation aimed at dismantling networks utilizing cracked versions of Cobalt Strike in ransomware attacks on healthcare organizations. By taking down hundreds of IP addresses associated with criminal activity, Fortra has further disabled unauthorized copies of the tool.
Looking Ahead
The fight against cyber threats involving legitimate cybersecurity tools is an ongoing battle. Industry best practices, such as implementing robust access management policies and adopting Zero Trust principles, can help minimize the risk of exploitation by cybercriminals. Collaborative efforts among organizations and cybersecurity experts are essential in strengthening defenses against evolving threats.
Quote from Fortra
“Collaboration is essential in advancing cybersecurity overall. This not only strengthens the collective defense against cybercriminals, but also ensures that legitimate security tools can continue to be used responsibly and effectively to protect organizations worldwide,” stated Erdman and Ceelen in the blog post.
About the Author
Andrea Fox is a senior editor at Healthcare IT News. For inquiries, contact afox@himss.org. Healthcare IT News is a HIMSS Media publication.