EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
| Threat Level: | 20% (Normal) |
| First Seen:   | May 5, 2022  |
| Last Seen:    | May 21, 2023 |
Cobalt is a malware infection that spreads by exploiting a vulnerability in Microsoft Windows that has existed in the operating system for 17 years. Although the vulnerability Cobalt uses, CVE-2017-11882, has existed for 17 years, it was only disclosed publicly and patched by Microsoft in November 2017. Using this vulnerability, the cybercrooks were able to deliver threats by means of Cobalt Strike, a tool built for penetration testing.
A Cobalt Secret Kept for Many Years
Cobalt is delivered through a spam email message that looks like a notification from Visa (the credit card company), supposedly announcing rule changes to its payWave service in Russia. Victims receive an RTF document named 'Изменения в системе безопасности.doc Visa payWave.doc' (the file is RTF despite its .doc extension), as well as an archive file with the same name. Sending threats as archive files attached to email messages is a very common delivery method. Password-protecting the archive reliably prevents automated analysis systems from examining the file, since those systems would otherwise extract it in a safe environment to detect threats. Including both the corrupted DOC file and the archive in the same message also adds a social engineering element: a victim who cannot open one attachment is likely to try the other.
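The lure pattern described above (a .doc attachment that is really RTF, a password-protected archive, and the two sharing one name) can be checked by a mail gateway before any sandboxing is attempted. The following attachment triage routine is an added example for this scorecard, not EnigmaSoft's or SpyHunter's code; the attachment names and bodies in SAMPLE_MESSAGE are constructed, and the "encrypted" archive is a plain ZIP with only the encryption flag bit forced on, which is enough to exercise the check offline.

```python
import io
import os
import zipfile

RTF_MAGIC = b"{\\rtf"  # an RTF body starts with this even when named .doc

def is_rtf(data: bytes) -> bool:
    """True if the attachment body is RTF, whatever its extension says."""
    return data.lstrip().startswith(RTF_MAGIC)

def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry has the general-purpose 'encrypted' flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage(attachments: dict[str, bytes]) -> list[str]:
    """Flag .doc-but-RTF bodies, password-protected archives, and doc/archive name pairs."""
    findings, docs, archives = [], {}, {}
    for name, data in attachments.items():
        base, ext = os.path.splitext(name)
        ext = ext.lower()
        if ext in (".doc", ".docx", ".rtf"):
            docs[base] = name
            if ext == ".doc" and is_rtf(data):
                findings.append(f"{name}: .doc extension but RTF content")
        elif ext in (".zip", ".rar", ".7z"):
            archives[base] = name
            if ext == ".zip" and zip_is_encrypted(data):
                findings.append(f"{name}: password-protected archive")
    for base in sorted(docs.keys() & archives.keys()):
        findings.append(f"{docs[base]} / {archives[base]}: same-name document and archive")
    return findings

def _fake_encrypted_zip() -> bytes:
    """Constructed fixture: plain ZIP with central-directory flag bit 0 forced on (no real crypto)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("lure.doc", b"{\\rtf1 constructed}")
    raw = bytearray(buf.getvalue())
    raw[raw.index(b"PK\x01\x02") + 8] |= 0x01  # flag word sits 8 bytes into the header
    return bytes(raw)

# Constructed sample message (not a real capture); names mimic the lure pattern.
SAMPLE_MESSAGE = {
    "Visa payWave.doc": b"{\\rtf1\\ansi constructed lure body}",
    "Visa payWave.zip": _fake_encrypted_zip(),
}
```

Only the ZIP format is inspected for the encryption flag here; .rar and .7z are matched by name only, so a real gateway would add parsers for those formats.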
How the Cobalt Attack can Affect You and Your Machine
Once Cobalt is installed on the victim's computer, it can be used to control the infected machine and to install the threat on other computers on the same network. Although Cobalt Strike is officially a penetration testing tool, in this case it is being used to carry out attacks. The cybercrooks are always looking for new ways to deliver threats. While new vulnerabilities are quite threatening, very old vulnerabilities like this one, which may never have been properly addressed, also pose a threat to computer users. Remember that many computer users fail to patch their software and operating system regularly, meaning that many PCs remain exposed to exploits that are quite old and, in some cases, are overlooked by many anti-virus programs.
Protecting Your Computer from a Threat Like Cobalt
As with most threats, a trustworthy security program is the best protection against Cobalt and similar threats. However, since an old software exploit is involved in these attacks, PC security researchers advise computer users to ensure that their software and operating system are fully updated with the most recent security patches. Keeping systems patched does as much to prevent threats and other problems as running security software.