Google Cloud Platform now automatically detects Cobalt Strike, the attack tool behind many ransomware intrusions

Cobalt Strike is one of the most widely abused security tools on the market, and the new detection rules aim to flag it earlier in an attack

Google Cloud has released detection rules that cover nearly every major version of Cobalt Strike, the widely abused penetration testing tool.

The new open-source YARA rules give Google Cloud customers a broad set of detection signatures for Cobalt Strike versions dating back to 2012.

Cobalt Strike is a legitimate, commercial penetration testing tool often used in red team cyber security training exercises. 

It’s also widely cracked, shared, and abused by threat actors for intrusion and lateral movement in malicious real-world attacks.

The suite bundles ready-to-use post-exploitation tooling, including its Beacon implant for command and control, and is among the most widely used frameworks for remote access and payload delivery.

The release comprises 165 detection signatures covering more than 300 distinct Cobalt Strike binaries, which are distinguished by their unique JAR files, stagers, templates and beacons.

“We are releasing to the community a set of open-source YARA rules and their integration as a VirusTotal Collection to help the community flag and identify Cobalt Strike’s components and its respective versions,” said Google Cloud in a blog post.

“Since many threat actors rely on cracked versions of Cobalt Strike to advance their cyber attacks, we hope that by disrupting its use we can help protect organisations, their employees, and their customers around the globe.”

Cobalt Strike is used by a wide range of hackers and has featured in ransomware attacks from the likes of Ryuk and BlackCat, and it has appeared in Raspberry Robin worm infection chains that went on to deploy LockBit and Cl0p ransomware.

Google Cloud’s new YARA rules will help many of its customers spot Cobalt Strike components early in an intrusion, ideally before the follow-on payload, such as ransomware, is deployed. As with any signature-based detection, the rules match the known components Google has catalogued; modified or freshly repacked builds can still slip through, so they complement rather than replace behavioural monitoring.

These are the latest measures taken by the cloud platform in its ongoing efforts to make the cloud more secure as cyber criminals continue to target the points of greatest value to organisations.

Google Cloud extended its partnership with cyber security company MITRE earlier this year to develop open-sourced queries that aid threat hunting in cloud environments.

Those queries were meant to make it easier for customers to proactively hunt for threats, replacing what Google Cloud said is usually a complex task requiring deep knowledge of diverse security signals.

The ‘big three’ public cloud provider has also fortified its Chronicle platform this year, first through the February acquisition of Siemplify and again in August with the general availability of new threat detection capabilities.

The company also drew attention to the growing issue of cryptomining in enterprise cloud environments earlier this year.

It said cryptomining was an increasingly popular, financially motivated attack on cloud customers, and that in more than half of observed cases (58%) the mining software was installed within 22 seconds of the instance being compromised.
