Patched Cobalt Strike vulnerabilities could have dealt a crippling blow to malicious users

Too good for your own good?

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurityresearchers have discovered multipledenial of service (DoS)vulnerabilities in popularpenetration testingtool Cobalt Strike that can be exploited by malicious users,

Despite Cobalt Strike’s noble intentions, it ispopularly used by threat actorsusually to deploy payloads known as beacons to gain persistentremote accessto compromised systems.

During the recent BlackHat security conference, researchers fromSentinelOne revealeda series of DoS vulnerabilities that could have blocked the beacon from communicating with its command and control (C2) server.

We’re looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won’t take more than 60 seconds of your time, and we’d hugely appreciate if you’d share your experiences with us.

Click here to start the survey in a new window«

In essence, the vulnerabilities could be used by security researchers to perpetrate a DOS attack on the threat actors’ infrastructure.

Shutting down a good thing

The vulnerabilities collectively tracked as CVE-2021-36798, and dubbed Hotcobalt, kick in when a fake beacon sends fake task replies to the C2 server.

The fake tasks, which SentinelOne demonstrated in the form of abnormally large screenshots, drain all memory from the C2 server and cause it to crash, disrupting the ongoing operation.

Moreover the vulnerabilities are so severe that even restarting the server doesn’t help, since the fake beacons can continue to send memory draining tasks, crashing the server repeatedly.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

When used by the people on the right side of the law, the vulnerabilities would have dealt a crippling blow to any malicious campaign that used Cobalt Strike.

“Although used every day for malicious attacks, Cobalt Strike is ultimately a legitimate product, so we have disclosed these issues responsibly to HelpSystems and they have fixed the vulnerabilities in the last release,”reasons SentinelLabs.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’sTechRadar Pro’sexpert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

7 myths about email security everyone should stop believing

Another reason to avoid edge-lit 4K TVs: they may fail faster than others, according to this report