Hacker Group Names Are Now Absurdly Out of Control

Goofiness aside, the new system is counterproductive for actual cybersecurity analysis, Lee argues. Given that Microsoft’s threat intelligence is some of the best in the world, analysts and customers across the industry will have to actually revise their databases—and even some of their products—to match Microsoft’s new naming scheme, he says. And the revised system now locks in educated guesses about the national loyalties of hackers with no indication of the analysts’ degree of confidence in those assessments, Lee adds.

What if a hacker group thought to be part of a nation’s intelligence agency turns out to be a hacker-for-hire contractor? Or cybercriminals temporarily conscripted to work on behalf of a government? “Assessments change over time,” Lee says. “Like, ‘We told you it was Dirty Mustard and now it’s Swirling Tempest,’ and you’re like, what the fuck?” (Lee’s own firm, Dragos, admittedly gives hacker groups mineral names that are often confusingly similar to Microsoft’s old system. But at least Dragos has never called anyone Gingham Typhoon.)

When I reached out to Microsoft about its new naming scheme, the head of its Threat Intelligence Center, John Lambert, explained the rationale behind the change: Microsoft’s new names are more distinct, memorable, and searchable. In contrast to Lee’s point about choosing neutral names, the Microsoft team wanted to give customers more context about hackers in the names, Lambert says, immediately identifying their nationality and motive. (Instances that are not yet fully attributed to a known group are given a temporary classifier, he notes.)

Microsoft’s team was also just running out of elements—there are, after all, only 118 of them. “We liked weather because it’s a pervasive force, it’s disruptive, and there’s a kindred spirit because the study of weather over time involves improvement in sensors, data, and analysis,” says Lambert. “That’s cybersecurity defenders’ world, too.” As for the adjectives preceding those meteorological terms—often the real source of the names’ inadvertent comedy—they’re chosen by analysts from a long list of words. Sometimes they have a semantic or phonetic connection to the hacker group, and sometimes they’re random. “There’s some origin story to each one,” Lambert says, “or it could just be a name out of a hat.”

There’s a certain, stubborn logic behind the cybersecurity industry’s ever-growing sprawl of hacker group handles. When a threat intelligence firm finds evidence of a new team of network intruders, they can’t be sure they’re seeing the same group that another company has already spotted and labeled, even if they do see familiar malware, victims, and command-and-control infrastructure between the two groups. If your competitor isn’t sharing everything they see, it’s better to make no assumptions and track the new hackers under your own name. So Sandworm becomes Telebots, and Voodoo Bear, and Hades, and Iron Viking, and Electrum, and—sigh—Seashell Blizzard, as every company’s analysts get a different glimpse of the group’s anatomy.

But, sprawl aside, did these names have to be quite so on-their-face ridiculous? To some degree, it may be wise to give names to hacker gangs that rob them of their malevolent glamour. Members of the Russian ransomware group EvilCorp, for instance, are not likely to be happy with Microsoft’s rebranding them as Manatee Tempest. On the other hand, is it really appropriate to label a group of Iranian hackers that seeks to penetrate crucial elements of US civilian infrastructure Mint Sandstorm, as if they’re an exotic flavor of air freshener? (The older name given to them by CrowdStrike, Charming Kitten, is certainly not any better.) Did the Israeli hacker-for-hire mercenaries known as Candiru, who have sold their services to governments targeting journalists and human rights activists, really need to be renamed Caramel Tsunami, a brand befitting a Dunkin’ beverage, and one that’s already taken by a strain of cannabis?
