BROADCASTS.com

b'

Inside BlackByte and Cobalt Strike, the ransomware group and post-exploitation tool used in a recent high-profile hack \\u2014 and how both pose new risks to the industrial sector.

While rogue individuals with an agenda and advanced cybersecurity skills are still prevalent, most headline-grabbing hacks are now originating from well-organized, highly talented groups or organizations. Now only does this dynamic provide access to a greater pool of talent, but it makes stopping a multi-faceted attack more difficult.

One of the most notorious of these cyber terrorist groups is BlackByte. The Ransomware-as-a-service group recently made headlines by hacking the National Football League\\u2019s San Francisco 49ers right before the league\\u2019s biggest weekend \\u2013 the most recent Super Bowl.

The group was able to exploit a vulnerability in the team\\u2019s Microsoft Exchange server and implement a tool called Cobalt Strike. Users were then sent hourly ransom notes via a print bomb to all printers connected to the infected machine.\\xa0

While the 49ers have downplayed the impact of the hack, it did result in the release of financial documents that BlackByte posted to a site on the dark web. No ransom demands were made public, but the amount of data actually stolen remains unknown.

The growing reach, ability and boldness of these groups should give everyone in the industrial sector pause \\u2013 regardless of your role or job title. If they can access data from a billion-dollar franchise, your IP and financial data is, at least, just as vulnerable.

The good news is that we have people like Lauren Podber, Principal Intelligence Analyst at Red Canary, to help guide us getting ahead of groups like BlackByte. Lauren and her cohorts at Red Canary specialize in managing cybersecurity endpoint detection, planning and response.

Download and listen to the audio version below and click here to subscribe to the Today in Manufacturing podcast.