A new report from Cisco Talos Incident Response (CTIR) says cybercriminals exploit the Cobalt Strike testing toolkit to carry out ransomware campaigns. Criminals are increasingly carrying out attacks using Cobalt Strike, and it dominated the threat landscape last quarter for the fifth quarter in a row. Other ransomware infections that also were common were Ryuk, Maze, LockBit, and Netwalker.
The report found that the trend toward using Cobalt Strike is not only limited to ransomware but in other types of cyber-attacks. One of the reasons is, the toolkit is popular among threat actors is because it can emulate legitimate traffic. The ransomware also comes with an array of features and capabilities that attackers can exploit.