“Cobalt Strike” network attack tool patches crashtastic server bug
If you're a regular reader of Naked Security and Sophos News, you'll almost certainly be familiar with Cobalt Strike, a network attack tool that's popular with cybercriminals and malware creators.
By implanting the Cobalt Strike "Beacon" program on a network they've infiltrated, ransomware crooks can not only surreptitiously monitor but also sneakily control the network remotely, without even needing to log in first.
That's because a Cobalt Strike intrusion means that someone was trying to establish a beachhead inside your network, perhaps for a ransomware attack, perhaps for a data heist, or perhaps for both.
The Cobalt Strike Beacon program unassumingly pretends to be a web client, just like a browser or an official software auto-updater, and regularly calls home to a designated server using innocent-enough web requests, just like a browser or a legitimate auto-update tool.
Well, researchers at Sentinel One have just announced a brand new BWAIN - our shorthand for Bug With An Impressive Name - entitled Hotcobalt, which is a command processing bug in the Cobalt Strike server code.
The Hotcobalt bug means that a beacon that misbehaves - whether by accident or design - can crash the C&C server it's talking to.