Blackberry Ltd. today released a new book: Finding Beacons In the Dark: A Guide to Cyber Threat Intelligence, which it says examines “the evolution and prevalence of one of the most pervasive tools used by threat actors today – Cobalt Strike Beacon.”

The book also details ways to protect against malicious Cobalt Strike payloads and outlines how a robust Cyber Threat Intelligence (CTI) lifecycle and extended detection and response (XDR) solution can provide the context needed to stop these threats, a release stated.

“Initially developed as an adversary simulation tool, Cobalt Strike has evolved into one of the most persistent attack methods used by state-sponsored Advanced Persistent Threat (APT) groups and criminal mercenaries alike,” Blackberry said.

“The book highlights the current threats facing organizations, provides a defense framework and uncovers links between cyberattacks previously thought to be disparate.

“Cobalt Strike is widely used by red teams and has become heavily abused by cybercriminals due to its malleability and accessibility. The software is feature-rich, allowing for the facilitation of many attack methods, and has remained a favorite of numerous state-sponsored parties. The software has also played a significant role in the proliferation of ransomware seen over the past 18 months.”

Eric Milam, vice president of research and intelligence at Blackberry, said Cobalt Strike “presents an almost perfect software for cybercriminals, while highlighting a central conundrum of the security sector – that well-built tools can both aid and increase cybercrime.

“Cobalt Strike is feature-rich, well supported and actively maintained by its developers. Its payload provides a wealth of features for attackers. This makes it an attractive option for APT groups and cybercrime novices alike.”

The Blackberry release notes that “while the increasing proliferation of Cobalt Strike within the criminal underground presents a reason for concern, so does its continued use by sophisticated APT groups. As recently as October 2021, APT41 was witnessed using the software in phishing emails targeting Indian citizens, while Dridex operators have used Cobalt Strike heavily to underpin their recent phishing and malspam campaigns.”

The book, which will be available next month, can be pre-ordered via the following website link.