Google Makes Cobalt Strike Harder To Abuse, Expert Weighs In

By   ISBuzz Team
Writer , Information Security Buzz | Nov 23, 2022 03:07 am PST

Google Clamps Down on Cobalt Strike Abuses

Google announced earlier this month that it had removed the ability to run JavaScript from inside.  HTML tags on its advertisement platform, in an effort to clamp down on ad fraud. And abuse perpetrated by cryptomining malware like Cobalt Strike and Coinhive. But what does this change mean for legitimate advertisers? And how will it impact larger security issues surrounding Javascript execution? Security expert Paul Roberts weighs in below.

 

Google’s response to Cobalt Strike abuses

Earlier this year, Google made a critical update to its ethical sourcing policy for cobalt. Which is used in lithium-ion batteries. The new policy will now require all of the company’s suppliers to disclose. Their cobalt suppliers and mines as well as to conduct human rights due diligence reviews of those suppliers and mines. This important update is just one example of Google making a conscious effort to make sure that it can’t be accused of being complicit in human rights abuses. Other steps that the tech giant has taken include investing in renewable energy sources like wind and solar power, lobbying for net-zero emissions legislation, and using green building practices when constructing new data centers.

 

What is Cobalt Strike?

Cobalt Strike is a penetration testing software developed by a company called RiskSense that allows an attacker to gain access to a target’s machine. The attack typically starts by getting the victim to visit a malicious website or click on a malicious link. Which installs malware and gives the attacker remote access to their machine. This is often done through phishing, social engineering, and other means. Users may not even know they’re infected until they start noticing unusual behavior in their computers.

 

How has it been abused?

Cobalt is a key ingredient in lithium-ion batteries that power electric vehicles and phones. Unfortunately, the mining of cobalt often leads to human rights abuses. Including child labor and unsafe working conditions.

A recent study found that over half of the global supply of cobalt comes from the Democratic Republic of Congo (DRC). Where one in ten children work in mines despite the DRC having outlawed child labor for those under 18 years old in 2012.

Cobalt can be hard to trace back to its origin due to processes like smelting and refining, which can mix together different sources or batches of materials. So even if companies pledge not to use any cobalt mined by children. They may still be using some from DRC mines that employ children anyway.

 

What does this mean for the future of Cobalt Strike?

We know that the refining of cobalt from an ore to a metal can involve serious human rights abuses. These can include labor trafficking, hazardous working conditions, and child labor. In response to this issue, Google Cobalt Strike has announced that it is banning the purchase of cobalt mined by hand in Congo. This will mean that in order to sell cobalt, mining companies will need to provide evidence. That they are not using child labor and are complying with local regulations. However, even with these changes, there is still a long way to go before we see a fair system in place for all parties involved.