Patched Cobalt Strike vulnerabilities could have dealt a crippling blow to malicious users
Too good for your own good?
Cybersecurity researchers have discovered multiple denial of service (DoS) vulnerabilities in popular penetration testing tool Cobalt Strike that can be exploited by malicious users,
Despite Cobalt Strike’s noble intentions, it is popularly used by threat actors usually to deploy payloads known as beacons to gain persistent remote access to compromised systems.
During the recent BlackHat security conference, researchers from SentinelOne revealed a series of DoS vulnerabilities that could have blocked the beacon from communicating with its command and control (C2) server.
We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.
- Protect your devices with these best antivirus software
- Here are the best ransomware protection tools
- These are the best malware removal software on the market
In essence, the vulnerabilities could be used by security researchers to perpetrate a DOS attack on the threat actors’ infrastructure.
Shutting down a good thing
The vulnerabilities collectively tracked as CVE-2021-36798, and dubbed Hotcobalt, kick in when a fake beacon sends fake task replies to the C2 server.
The fake tasks, which SentinelOne demonstrated in the form of abnormally large screenshots, drain all memory from the C2 server and cause it to crash, disrupting the ongoing operation.
Moreover the vulnerabilities are so severe that even restarting the server doesn’t help, since the fake beacons can continue to send memory draining tasks, crashing the server repeatedly.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
When used by the people on the right side of the law, the vulnerabilities would have dealt a crippling blow to any malicious campaign that used Cobalt Strike.
“Although used every day for malicious attacks, Cobalt Strike is ultimately a legitimate product, so we have disclosed these issues responsibly to HelpSystems and they have fixed the vulnerabilities in the last release,” reasons SentinelLabs.
- These are the best endpoint protection tools
With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.