LockBit 3.0 ransomware operators abuse the Windows Defender command line tool to download Cobalt Strike beacons on compromised machines and avoid detection.

It is worth recalling that Cobalt Strike is a legitimate commercial tool designed for pentesters and the red team and focused on exploitation and post-exploitation.

Unfortunately, it has long been loved by hackers ranging from government APT groups to ransomware operators. Although Cobalt Strike is quite expensive and inaccessible to ordinary users, attackers still find ways to use it (for example, rely on old, pirated and hacked versions).

Let me remind you that we also reported that Zloader Trojan Disables [...]

The time that attackers go undetected on a victim’s network was declining for the fourth year in a row, according to the Mandiant M-Trends 2022 report.

Cyberthreat detection time has been reduced to 21 days in 2021 compared to 24 days in 2020. Ransomware was detected on average within five days, while other attacks went undetected for 36 days in 2021, compared to 45 days in 2020.

However, the overall situation is getting better as more companies partner with third-party cybersecurity firms, and government agencies and cybersecurity companies often notify victims of attacks, resulting in faster detection.

One more positive trend: let me remind you that we wrote [...]

The media reports that Microsoft Defender for Log4j problems is showing false warnings about some kind of “sensor hack” associated with the recently deployed Microsoft 365 Defender scanner for Log4j processes.

According to Bleeping Computer, such warnings mostly appear on Windows Server 2016 systems and says: “Microsoft Defender for Endpoint has detected possible sensor tampering with memory.” These warnings apply to the OpenHandleCollector.exe process.

Microsoft representatives have already told outraged administrators that there is really nothing to worry about, as these are false positives. It is known that at the present time the [...]

Many sysadmins have had extremely nervous days this week: Microsoft Defender ATP (Advanced Threat Protection) corporate solution mistakenly detected Mimikatz and Cobalt Strike infections on devices and issued false warnings. [dropcap]L[/dropcap]et me remind you that hackers, from government APT groups to ransomware operators, for a long time beloved the legitimate commercial framework Cobalt Strike, created for pentesters and the red team and focused on exploitation and post-exploitation.

Although it is not available to ordinary users and the full version is priced at about $3,500 per install, attackers still find ways to use it (for example, relying on old, pirated, jailbroken [...]