Cobalt Strike Attacks

Posted on November 20, 2020 by John Limb

In the past few weeks we have seen a significant increase in malicious activity by bad actors using Cobalt Strike. Cobalt Strike is a legitimate tool that gives penetration testers access to many different attack capabilities; the problem arises when this toolkit gets into the wrong hands. Predominantly we have been seeing Cobalt Strike used to deploy its post-exploitation agent, named "Beacon", on compromised hosts. A successful Beacon deployment can lead to a Ryuk ransomware attack.

This week BraintraceLABS is reporting Cobalt Strike as the most frequently seen malware. Cobalt Strike enters the network in various ways, including via loaders such as BazarLoader, which can be delivered by several tricks. The most common is a phishing campaign: the victim is lured into clicking a link and downloading a file, typically a Word or Excel document, and is then tricked into enabling macros. Once macros are enabled, the malware is installed and the attacker has a foothold inside the network.

According to Microsoft, Cobalt Strike is also being deployed through online ads posing as a Microsoft Teams update. The bad actor tricks the victim into clicking a fake ad that sends them to a domain under the attacker's control, where a download begins. Instead of the expected update, the user receives a payload that can contain Cobalt Strike.

Braintrace's Dragonfly Encrypted Payload Analytics (EPA) prediction model identifies Cobalt Strike Beacon communications.

Braintrace’s Dragonfly is reporting the below C2 indicators of compromise for Cobalt Strike.

IP address        Hostname (defanged)   Country         AS name                           ASN
31.44.184.131     31[.]44[.]184[.]131   Russia          Petersburg Internet Network ltd.  AS44050
173.234.155.227   livenx[.]com          United States   Leaseweb USA, Inc.                AS396362
108.62.118.217    stylesam[.]com        United States   Leaseweb USA, Inc.                AS30633
23.106.160.84     epicnut[.]com         United States   Leaseweb USA, Inc.                AS7203
23.83.133.125     sslcar[.]com          United States   Leaseweb USA, Inc.                AS19148
74.118.138.107    beltpost[.]com        United States   TeraSwitch Networks Inc.          AS20326
81.17.28.105      idrivehelper[.]com    Switzerland     Private Layer INC                 AS51852
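As an added example (not part of the Braintrace post), the Python script below matches the indicators from the table above against proxy and DNS log lines. The log lines are constructed samples in Squid- and BIND-like formats, not real traffic; the script refangs the hostnames, matches IPs exactly, matches domains on the registered name or any subdomain of it, and deliberately ignores lookalikes such as mylivenx.com.

```python
import re
from typing import Dict, Iterable, List, Optional

# Indicators copied from the Braintrace table above. Hostnames are kept in the
# defanged "[.]" form and refanged at load time.
COBALT_STRIKE_C2 = {
    "31.44.184.131": "31[.]44[.]184[.]131",
    "173.234.155.227": "livenx[.]com",
    "108.62.118.217": "stylesam[.]com",
    "23.106.160.84": "epicnut[.]com",
    "23.83.133.125": "sslcar[.]com",
    "74.118.138.107": "beltpost[.]com",
    "81.17.28.105": "idrivehelper[.]com",
}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# A dotted name containing at least one letter, so bare IPs and timestamps are skipped.
HOST_RE = re.compile(r"\b(?=[a-z0-9.-]*[a-z])[a-z0-9-]+(?:\.[a-z0-9-]+)+\b", re.IGNORECASE)


def refang(indicator: str) -> str:
    """Undo common defanging ("[.]" and "hxxp") so indicators compare with log fields."""
    return indicator.replace("[.]", ".").replace("hxxp", "http").strip().lower()


IOC_IPS = set(COBALT_STRIKE_C2)
# The first table row repeats its IP in the hostname column, so it adds no domain.
IOC_DOMAINS = {
    refang(h) for h in COBALT_STRIKE_C2.values() if not IPV4_RE.fullmatch(refang(h))
}


def matching_domain(host: str) -> Optional[str]:
    """Return the indicator that `host` equals or is a subdomain of, else None.

    Matching on a label boundary keeps lookalikes such as mylivenx.com from firing.
    """
    host = host.lower().rstrip(".")
    for domain in IOC_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_log(lines: Iterable[str]) -> List[Dict[str, object]]:
    """Return one hit per (line, indicator) for every IP or domain IOC seen in `lines`."""
    hits: List[Dict[str, object]] = []
    for number, line in enumerate(lines, 1):
        found = set()  # dedupe an indicator that appears twice on one line
        for ip in IPV4_RE.findall(line):
            if ip in IOC_IPS:
                found.add(("ip", ip, ip))
        for host in HOST_RE.findall(line):
            domain = matching_domain(host)
            if domain:
                found.add(("domain", domain, host.lower()))
        for kind, indicator, observed in sorted(found):
            hits.append({"line": number, "kind": kind, "indicator": indicator, "observed": observed})
    return hits


# Constructed sample lines (not real traffic): Squid-style proxy access log entries
# and BIND-style query log entries. 10.0.0.0/8 hosts are local clients and
# 203.0.113.0/24 addresses are unrelated destinations.
SAMPLE_PROXY_LOG = [
    "1605800000.123    452 10.0.0.15 TCP_TUNNEL/200 4120 CONNECT livenx.com:443 - HIER_DIRECT/173.234.155.227 -",
    "1605800001.456    118 10.0.0.15 TCP_MISS/200 9321 GET http://www.example.org/ - HIER_DIRECT/203.0.113.10 text/html",
    "1605800002.789    301 10.0.0.22 TCP_TUNNEL/200 2048 CONNECT cdn.mylivenx.com:443 - HIER_DIRECT/203.0.113.7 -",
    "1605800003.012    275 10.0.0.31 TCP_TUNNEL/200 7110 CONNECT 31.44.184.131:443 - HIER_DIRECT/31.44.184.131 -",
]
SAMPLE_DNS_LOG = [
    "20-Nov-2020 14:02:11.501 client 10.0.0.15#51234: query: cdn.stylesam.com IN A + (10.0.0.2)",
    "20-Nov-2020 14:02:12.204 client 10.0.0.40#49112: query: mail.example.org IN MX + (10.0.0.2)",
]

if __name__ == "__main__":
    for source, log in (("proxy", SAMPLE_PROXY_LOG), ("dns", SAMPLE_DNS_LOG)):
        for hit in scan_log(log):
            print(f"{source} line {hit['line']}: {hit['kind']} {hit['indicator']} ({hit['observed']})")
```

Hosting IPs and throwaway domains like these are reassigned and burned quickly, so treat a hit as a lead to confirm (which host, when, what was fetched, whether a Beacon-like periodic pattern follows) rather than an automatic block, and refresh the indicator list rather than relying on this November 2020 snapshot.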


REACH OUT TO US
If you have any questions or concerns about Cobalt Strike, Trickbot or Ryuk, please feel free to contact us at info@braintrace.com.


Trickbot/Ryuk Healthcare Attacks 

Posted on November 3, 2020 by John Limb

A new round of ransomware attacks targeting the healthcare industry is imposing a new strain on hospital networks already pushed to the breaking point by the COVID-19 pandemic. But security experts from Braintrace have recently developed a state-of-the-art network analysis tool called Dragonfly that can effectively fingerprint the malware families behind this latest round of attacks using encrypted payload analysis.

Read More


16 Ways to Protect Your Organization During COVID-19 

Posted on October 23, 2020 by Nicole Denton

From the security team at Braintrace, here are 16 essential steps your team should be taking to protect your organization from all forms of cyberattacks, including BEC, ransomware and crippling viruses. 

Read More


Dragonfly Takes Flight 

Posted on September 21, 2020 by Joseph Lamport

What does it take to build a breakthrough technology product today? We recently had a chance to sit down with John Limb, the CTO at Braintrace, who is the primary driver behind the development of Dragonfly, a cutting-edge Network Traffic Analysis tool, which takes the fight against malware to the next level. Compared to the other NTAs on the market today, Dragonfly provides near-complete visibility, including visibility into encrypted communications, which makes it far easier for the security team to stay a few steps ahead of the bad actors.

Read More


What the Tech Are We Doing Now? 

Posted on August 5, 2020 by Carla Landry

Which technologies will take your firm to the next level? Carla Landry explains that it's important to find the technology that best complements your firm and practice group goals in order to provide the competitive momentum you need and the value-add clients demand.

Read More


Adapting Law Department Practice to the New Normal: a panel discussion of law department leaders 

Posted on April 16, 2020

Read More


Keeping Your Remote Workforce Secure With Security-as-a-Service From Braintrace 

Posted on April 3, 2020 by Greg Spicer

A Q&A with Greg Spicer, the CRO of Braintrace, explaining their newest service offering, which provides state-of-the-art data security for all firm employees who need to work remotely, no matter what sort of home device they may be working from.

Read More


Five Essential Steps to Secure Videoconferencing and Prevent Corporate Espionage 

Posted on March 31, 2020 by Frank Flores

A remote work environment may seem ideal for employees, but it can create a number of creative loopholes that hackers can exploit. Chief among the areas of potential vulnerability is video conferencing, which has become an essential part of the toolset for employees working from home but which hackers are now actively targeting. Here are five key steps employers should be taking to secure their videoconferencing systems.

Read More


Essential Cybersecurity Tips for Working at Home 

Posted on March 22, 2020 by Braintrace

Due to COVID-19, many of us are forced to work at home. The Braintrace team came together to bring you tips for staying secure while away from the office. We created this article for our IT professional clients to share with their colleagues. Follow these steps to create a secure home office.


Read More


Protecting Your Domain From Back Door Risk 

Posted on February 20, 2020 by Greg Spicer

Every website domain has hundreds, if not thousands, of permutations. Most of these permuted domains are completely harmless, involving a simple typographical variation on the original domain name. However, every now and again a fraudster will register a domain based on one of these permutations with bad intentions, hoping to compromise the security of the original domain. It's important to understand this risk and take reasonable steps to mitigate it, so you can better protect your vital business domains.
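As an added example (not part of the Braintrace article), the Python function below generates the kinds of permutations the article refers to for a single-label domain such as the hypothetical example.com: character omission, transposition, repetition, adjacent-key substitution on a US QWERTY layout, a handful of homoglyph swaps, hyphenation and TLD swaps. The domain, the TLD list and the homoglyph table are assumptions chosen for illustration.

```python
from typing import Set

# Adjacent keys on a US QWERTY layout, used for "fat-finger" substitutions.
QWERTY_NEIGHBOURS = {
    "q": "wa", "w": "qeas", "e": "wrsd", "r": "etdf", "t": "ryfg", "y": "tugh", "u": "yihj",
    "i": "uojk", "o": "ipkl", "p": "ol", "a": "qwsz", "s": "awedxz", "d": "serfcx",
    "f": "drtgvc", "g": "ftyhbv", "h": "gyujnb", "j": "huikmn", "k": "jiolm", "l": "kop",
    "z": "asx", "x": "zsdc", "c": "xdfv", "v": "cfgb", "b": "vghn", "n": "bhjm", "m": "njk",
    "1": "2q", "2": "13qw", "3": "24we", "4": "35er", "5": "46rt", "6": "57ty", "7": "68yu",
    "8": "79ui", "9": "80io", "0": "9op",
}
# Visually confusable substitutions (an assumed, deliberately short table);
# two-character keys cover the classic rn/m and vv/w swaps.
HOMOGLYPHS = {
    "o": ("0",), "0": ("o",), "l": ("1", "i"), "i": ("l", "1"), "1": ("l", "i"),
    "e": ("3",), "a": ("4",), "s": ("5",), "g": ("9", "q"), "b": ("8",),
    "rn": ("m",), "m": ("rn",), "vv": ("w",), "w": ("vv",),
}
# Assumed list of TLDs worth checking alongside the original.
COMMON_TLDS = ("com", "net", "org", "co", "info", "biz")


def _valid_label(label: str) -> bool:
    """RFC 1035-style sanity check: 1-63 chars, alphanumerics and interior hyphens only."""
    return (0 < len(label) <= 63
            and not label.startswith("-") and not label.endswith("-")
            and all(c.isalnum() or c == "-" for c in label))


def permutations(domain: str) -> Set[str]:
    """Return lookalike domains for a single-label registrable name such as example.com."""
    name, _, tld = domain.lower().rpartition(".")
    if not name or "." in name:
        raise ValueError("pass the registrable name with a single-label TLD, e.g. example.com")
    labels: Set[str] = set()
    for i in range(len(name)):
        labels.add(name[:i] + name[i + 1:])                          # omission
        labels.add(name[:i] + name[i] + name[i:])                    # repetition
        for key in QWERTY_NEIGHBOURS.get(name[i], ""):               # adjacent key
            labels.add(name[:i] + key + name[i + 1:])
        for length in (1, 2):                                        # homoglyph
            for glyph in HOMOGLYPHS.get(name[i:i + length], ()):
                labels.add(name[:i] + glyph + name[i + length:])
    for i in range(1, len(name)):
        labels.add(name[:i - 1] + name[i] + name[i - 1] + name[i + 1:])  # transposition
        labels.add(name[:i] + "-" + name[i:])                             # hyphenation
    result = {f"{label}.{tld}" for label in labels if _valid_label(label) and label != name}
    result |= {f"{name}.{t}" for t in COMMON_TLDS if t != tld}       # TLD swap
    return result


if __name__ == "__main__":
    candidates = permutations("example.com")  # hypothetical domain
    print(f"{len(candidates)} candidates, e.g. {sorted(candidates)[:10]}")
```

The output is a watch list, not a verdict: whether any candidate is registered, parked, or serving mail and web content has to be checked against DNS and WHOIS, and the handful that matter most (the ones a user is likeliest to mistype or misread) are the candidates to register defensively or to feed into mail-gateway and proxy blocklists.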

Read More


Waiting for Stuxnet: 8 things a security engineer can do to stay ahead of emerging security threats 

Posted on January 28, 2020 by Frank Flores

A list of 8 essential tips on how to enhance your law firm's cyber security from the Director of Security Operations for Braintrace.  These are all critical practices that should be incorporated into your security routine in order to stay 3 or 5 steps ahead of the bad actors who are out there now, probing and waiting for the chance to compromise your law firm’s security.

Read More


Most Popular Tech Stories in 2019 

Posted on January 7, 2020

In keeping with the time-honored tradition of publishing best of lists to celebrate the New Year, here is our list of the ten most popular stories that appeared in Law Technology Digest in 2019.  What do you suppose it says about the pace of technological change last year that the top story provides 18 euphemisms for “I haven’t got a f*cking clue”?

Read More


Hitting the Sweet Spot for Law Firm Management with Zola Suite 

Posted on December 5, 2019 by Joseph Lamport

In the first part of this series, I wrote about how the platform business model is one of the defining features of our current state of technological and economic development, evident in such business success stories as Uber and Airbnb. A platform business is one that creates value by facilitating exchanges, of either information, goods or services, among otherwise independent groups and individuals via the platform it creates. I also explained how the platform business model is of growing importance in the legal market, not so much for connecting lawyers to clients but as a means of more effectively connecting the lawyers within a firm and thereby enabling a much more efficient and far more integrated workflow.

In this second part of the series I'm going to take a closer look at Zola Suite, part of the new generation of cloud-based law practice platforms now available on the market. Zola Suite formally launched in 2015, after a few years in development, but in fairly short order it has emerged as a market-leading solution for mid-sized and larger law firms. This positions Zola in notable contrast to the better-known cloud-based provider Clio, which has attracted a large number of solos and small-firm clients to its platform.

Read More


The Law Practice Platform 

Posted on November 12, 2019 by Joseph Lamport

In the past, law firms were held together primarily by their partnership agreements, which laid out the rules for how firm-wide decisions got made and how the spoils of collective labor would be divvied up.  Law firms of the future – whether they are organized as partnerships, LLCs or some other alternative business structure – will most certainly be far more dependent on whatever practice platform they choose to adopt.  It will be the practice platform, much more than the partnership agreement, that provides the insight, controls and coherence that holds the firm together.  

Read More


Casetext Launches CARA Patent That Provides Users AI-Powered Patent Law Research 

Posted on October 23, 2019 by Joseph Lamport

Casetext keeps leading the way by introducing powerful new applications of AI in the legal research market.  This week they announced the roll out of CARA Patent, a new product that leverages the power of AI technology to transform patent law research.

Read More


Incident Response: What Every Law Firm Needs to Know 

Posted on October 17, 2019 by Katherine Riley, CISA, CISM

One recent study estimated that a cyber-attack occurs every 39 seconds, which underscores the need for every business in America to be prepared for the possibility that their network security will eventually be tested, if not breached. For law firms, the risk is even more severe. As of 2017, around 20% of all U.S.-based law firms had been hacked. By early 2019, that percentage had risen to an alarming 25%.

And yet severe as the risk of security breach is, fewer than half of all law firms in the US have an adequate incident response plan in place, and less than a third of those firms with plans have undertaken any testing to ensure their preparedness in case of an attack.  The lack of planning and testing only increases the dangers law firms face.

Read More


Nothing Compares With compareDocs 

Posted on October 15, 2019 by Kerry Carroll

Document comparison is an absolutely essential technology for law firms today. It's a critical productivity tool that most lawyers rely on every day, and it plays a vital role in client service because it's how your firm keeps clients fully informed about work in progress. How does your current solution stack up against compareDocs, the leading document comparison tool on the market?

Read More


Parsons Behle Lab: Ringing the Bell for Market Innovation 

Posted on October 9, 2019 by Joseph Lamport

Parsons Behle Lab has embarked on an ambitious tech development effort, which represents a striking departure from the way most law firms have approached similar innovation and tech development initiatives. They are in the process of building a new type of law practice platform, which is open for other law firms and lawyers to use, and which enables participating firms to expand the services they offer to their own clients.  It's a platform that seems laden with opportunity for all those who choose to get involved. 

Read More


Streamlining the Process of E-Filing: making good on the promise of technology 

Posted on September 23, 2019 by Joseph Lamport

One of the most frustrating tendencies of technology is to create new problems while trying to solve old ones.  It's reminiscent of the drinker who drinks to forget he’s drinking in the Little Prince, with the problem and solution forever chasing each other in circular fashion.

Read More


Law Firms & Ecosystems 

Posted on September 9, 2019 by Anders Spile

For decades, law firms have upheld strong boundaries between the firm and the society in which they operate. The law firm maintains itself as a sturdy fortress, within which hierarchy, culture and tradition go unchallenged. The career path remains clear; associates and junior lawyers execute repetitive work in an attempt to get to the promised land of the equity partner with the result being that billable hours are silently killing all innovative efforts happening lawyer-to-lawyer.

Read More


Interview with Greg Spicer 

Posted on August 16, 2019 by Joseph Lamport

Editor’s Note:  We recently had a chance to sit down with Greg Spicer, the CRO at Braintrace, to talk about the growing importance of information security management and the option for registration under ISO 27001 for law firms today.  Braintrace is one of the top cybersecurity consulting firms in the country serving the legal, financial and government markets. 

Read More

Most Recent Issue


Easy stamping - any electronic evidence

Craig Ball is right when he says that numbering native production is easy! He mentions software programs like Bulk Renaming Utility, File Renamer Basic and Ant Renamer. But all you need to do is grab your stamper, display the document, spreadsheet or image full screen and carefully take your stamper to the upper right hand corner and press firmly against the monitor until the ink has transferred. Read more at Ball in your court: C'mon! Bates Numbering Native Production is Easy!

- o/|oo|\o -


Not in my lifetime

Jordan Furlong has some interesting and sober insights into the legal sector in this pandemic. I'm following almost to the end where he writes, "While I dislike its colonialist connotations, I do feel like the appropriate metaphor right now, for those of us able to lead change in the legal sector, is to 'burn our ships.'" That's not going to work. One, maybe two ships might be set ablaze and will market the heck out of their scorch marks. One might actually burn to the waterline. But for such an overhaul to truly be successful, all the boats in the harbor must be set afire, including the clients. I don't see that happening in my lifetime. Read more at THE LAW21 BLOG: Burn the ships

- o/|oo|\o -


Talk less. Succeed more.

Ever met someone who seemed to be a little too much in love with the sound of their own voice? Dan Rockwell writes, "5 Reasons people talk too much: 1) Thinking. Extroverts think while they talk. (If you want your team to think, make space for them to talk.); 2) Silence drives you crazy. It only takes 4 seconds for silence to feel awkward.; 3) You have power or position; 4) Insecurity; 5) To convince people you're right." Read more at LEADERSHIP FREAK: Do less of this and You'll Be More Successful

- o/|oo|\o -


Special Braintrace Research Update!

The good folks at Braintrace are running a special set of educational updates, each with details on a different issue. First up was research on the Trickbot/Ryuk attacks. The newest research is on Cobalt Strike (a legitimate tool built for penetration testers that is now being abused by attackers). Security is not something you can leave unattended. Reach out to Braintrace and ask about their services and request a Dragonfly demo. Learn more about Cobalt Strike by reading: Cobalt Strike Attacks


- o/|oo|\o -


Jeffrey Brandt, Editor

Connect with me on LinkedIn Jeffrey Brandt
Follow me on Twitter @jeffrey_brandt
Follow all the PinHawk highlights @PinHawkHappens
Website:PinHawk.com | Blog: PinHawkBlog.com

Affiliations:
Founding Circle, Association of Legal Technologists (ALT)
Chair, The 2020 Legal AI Forum (postponed)
Judge, Litera 2020 Changing Lawyer Awards


There are other PinHawk newsletters that your colleagues and coworkers may be interested in. Pass along the links to the daily PinHawk Legal Administrator Daily, the PinHawk Librarian News Digest, two weeklies, PinHawk Law Firm Marketing Brief and PinHawk Leading Law Departments, and now the COVID-19 Daily Alert.




All content Copyright © 2020 PinHawk LLC. All Rights Reserved.