Cobalt Strike and Metasploit were the offensive security tools most commonly used to host malware command-and-control (C2) servers in 2020, researchers report.
Researchers with Recorded Future’s Insikt Group collected more than 10,000 unique C2 servers across at least 80 malware families last year. Cobalt Strike accounted for 1,441 of the C2 servers and Metasploit made up 1,122; combined, they made up 25% of the total C2 servers. Detections of unaltered Cobalt Strike deployments represented 13.5% of C2 servers identified.
Offensive security tools, also known as penetration testing tools and red teaming tools, have become part of attackers’ toolkits in recent years. Some of these tools mimic an attacker’s activity, and attack groups noticed an opportunity to blend in with typical penetration tests.
Nearly all of the offensive security tools researchers detected in C2…