- Cybersecurity experts recommend that we rethink the way we name attackers
- Names like Salt Typhoon and Fuzzy Bear are misleading, they argue
- Microsoft and Crowdstrike have agreed to align their name conventions
A co -written article of former bosses of the cyber security agencies of the United Kingdom and the USA., Jen Easterly (CISA) and Ciaran Martin (NCSC), has asked that the conventions of names of the threat actors be reconsidered, calling the current “deceitful” names.
“These names are not only confusing, they are misleading. They wave attribution, disconcert the public often glamorize dangerous adversaries,” the fair security article urges.
“That is why we welcome the news that cybersecurity leaders Microsoft and Crowdstrike join to better align how they name and classify the actors of cyber threats.”
The last sentence refers to a new strategic collaboration in which Microsoft and Crowdstrike will align in their taxonomies of threat actors, which expects it to help improve the confidence in the identification of the threat actors, ‘rationalize the correlation’ between the reports, as well as ‘accelerate the defender’s action in the face of active cybercrimes’.
Objectively ridiculous
Easterly and Martin believe that, although this collaboration will help, it will not “fundamentally reform” the name convention in the way that is needed.
“Here is the problem: we still lack a shared public, neutral and neutral taxonomy in neutral that allows global alignment and interoperability,” they added.
“Meanwhile, we are still using names that sound more like comic characters than what they really are: computer pirates and cybercounts who actively try to interrupt hospitals, paralyze governments and keep companies as hostages.”
Security experts believe that giving names of cybercriminals such as ‘Spider scattered’ or ‘Volt Typhoon’ contributes to a kind of brand identity for the groups, which executes de facto marketing campaigns for them and deceives the public about the severity of threats.
The article requires security experts to stop appointing groups so that ‘Mistifia, glamorize or disinfect their dire activities’, and even call it an ‘objectively ridiculous way to inform the public’ about the dangerous gangs of organized crime.
Organizations such as Spattered Spider have caused serious damage and have interrupted public life in a measurable way, as it did with the supposed ransomware attack aimed at British retailers, and their name must reflect the danger they raise.
“These actors do not deserve intelligent names,” says the article. “Calling them to the earthbags would be frankly more appropriate, or if the creative brand aims to make them more memorable, we would suggest names such as fluid discomfort, weak weasel, weak ferret or dofus dofus.”
