- Cybersecurity experts recommend rethinking the way we call the attackers
- Names like Salt Typhoon and Fuzzy Bear are misleading, they argue
- Microsoft and Crowdsstrike have agreed to align their names
An article co-written by former heads of the British and American cybersecurity agencies, Jen Easterly (CISA) and Ciaran Martin (NCSC), called to re-examine naming conventions of the threat actors, calling the current names of “deceptions”.
“These names are not only confusing – they are misleading. They obscure the attribution, mystify the public and often glamor dangerous adversaries,” urges the just security article.
“This is why we welcome the news that the Microsoft and Crowdstrike cybersecurity chiefs associate to better align the way they call and categorize cyber-men’s players.”
This last sentence refers to a new strategic collaboration in which Microsoft and Crowdstrike will align themselves in their taxonomies of threat actors, who, hope to help confidence in the identification of threat actors, the “ correlation of rationalization ” between reports, as well as “ accelerating the action of defenders against active cyberthe. ‘
Objectively ridiculous
Easterly and Martin believe that if this collaboration will help, she will not fundamentally reform the name of the name of the way in which this is necessary.
“Here is the problem: we always lack shared public taxonomy, neutral of the supplier which allows alignment and global interoperability,” they added.
“In the meantime, we always use names that look more like comics characters than they really are: national hackers and cybercriminals actively trying to disturb hospitals, paralyzing governments and keeping businesses hostage.”
Safety experts believe that giving cybercriminal names like “ scattered spider ” or `typhon volt ” contributes to a kind of brand identity for groups, leading de facto marketing campaigns for them and misleading the public on the gravity of threats.
The article calls for security experts to stop naming groups in a way that “ mystifies, glamor or disinfect their harmful activities ”, and even goes so far as to call it a “objectively ridiculous way of informing the public” about the dangerous gangs of organized crime.
Organizations like Sported Spider have caused serious damage and disrupted public life in a measurable way, as did with the attack on alleged ransomware targeting the British retailers – and their name should reflect the danger they represent.
“These actors do not deserve intelligent names,” notes the article. “Calling them bags on earth would be frankly more appropriate, or if the creative brand aims to make them more memorable, we suggest names like a lean nuisance, a weak weasel, a weak ferret or a dingo doofus.”
