- Cyber security experts recommend that we consider the way we name attackers
- Names like Salt Typhon and Fuzzy Bjørn are misleading they claim
- Microsoft and Crowdstrike have agreed to customize their name conventions
A co-written article from former chiefs of the UK and the US CyberSecurity Agencies, Jen Easterly (CISA) and Ciaran Martin (NCSC), have called for the naming conventions of threat actors to be reconsidered and call the current names ‘misleading’.
“These names are not just confusing – they are misleading. They hide attribution, mystify the public and often glamorize dangerous opponents,” the righteous article urges.
“That’s why we welcome the news that Cyber Security Leaders Microsoft and Crowdstrike join together to better adapt how they name and categorize cyber threats.”
The latter sentence refers to a new strategic collaboration in which Microsoft and Crowdstrike will adapt to their threat actor, as it hopes, will help improve confidence in the threat’s identification, ‘Streamline Correlation’ between reports and ‘accelerate defense action in the face of active cybertreats.’
Objectively ridiculous
Easterly and Martin believe that although this collaboration will help, it will not ‘fundamental reform’ the Name Convention in the way needed.
“Here’s the problem: We still lack a shared, supplier neutral, public taxonomy that enables global adaptation and interoperability,” they added.
“In the meantime, we still use names that sound more like cartoon characters than they really are: National State Hackers and Cyber Criminals who actively try to disturb hospitals, paralyze governments and hold businesses hostage.”
Security experts believe that giving cyber criminal names like ‘scattered spider’ or ‘volt typhoon’ contributes to a kind of brand identity for the groups running de-facto marketing campaigns for them and misleading the public about the severity of the threats.
The article calls for security experts to stop naming groups in ways that ‘mystify, glamorize or clean their dishonest activities’ and even go so far as to call it an ‘objectively ridiculous way to inform the public’ of dangerous organized crime gangs.
Organizations such as scattered spider have done serious injuries and have disturbed public life in a measurable way, as it did with the alleged ransomware attack aimed at British retailers – and their name should reflect the danger they pose.
“These actors do not deserve smart names,” notes the article. “Calling them dirt would honestly be more appropriate, or if creative branding is aimed at making them more memorable, we will suggest names like scrrairny genes, weak weasel, weak ferrets or doofus dingo.”
