Hackers, including state-sponsored ones focused on espionage and cyberwar, as well as organized cybercriminals exploiting networks worldwide for profit, are not harmless. They wreak havoc on businesses, cause chaos, disrupt critical infrastructure, support harmful militaries and dictatorships, and help these governments spy on and oppress innocent people worldwide. Yet, as a cybersecurity reporter, I find myself using cute pet names like Fancy Bear, Refined Kitten, and Sea Turtle to refer to these organized hacker groups. This practice is embarrassing and diminishes the gravity of reporting about cyber conflict, making it seem as trivial as a Pokémon card game.
Recently, Microsoft’s cybersecurity division announced a new system for naming the hundreds of hacker groups it tracks. Instead of giving these organizations scientific-sounding names based on elements, Microsoft will now use two-word names that include a weather-based term indicating the country the hackers are believed to work on behalf of, as well as whether they’re state-sponsored or criminal. For instance, Phosphorus, an Iranian group that Microsoft reported this week has been targeting critical US infrastructure, now has the less-than-fearsome name Mint Sandstorm.
Iridium, Russia’s most aggressive and dangerous military hacker unit, responsible for multiple blackouts in Ukraine and the most destructive malware in history, now has the whimsical title of Seashell Blizzard. Similarly, Barium, a team of Chinese hackers that has carried out more software-supply-chain attacks than perhaps any group worldwide, is now Brass Typhoon.
Numerous names in Microsoft’s new labeling system for hackers are so ridiculous that they seem to be an April Fools’ Day prank, according to Rob Lee, the founder and CEO of Dragos, an industrial control system cybersecurity company. Despite the humor of the names, however, Lee believes that the new system is counterproductive for actual cybersecurity analysis. The revised system now locks in educated guesses about the national loyalties of hackers with no indication of the analysts’ degree of confidence in those assessments.
Assessments can change over time, so sticking with specific names can lead to confusion in the future. The new names are intended to be more distinct, memorable, and searchable, giving customers more context about hackers in the names, immediately identifying their nationality and motive. Microsoft is using weather elements as a way to name the different groups of hackers, with adjectives preceding those meteorological terms that are chosen by analysts from a long list of words.
To some extent, it may be prudent to choose less overtly ridiculous names for hacker gangs to take away their malevolent allure. For example, members of the Russian ransomware group EvilCorp are unlikely to be pleased with Microsoft’s renaming them as Manatee Tempest. However, is it appropriate to label a group of Iranian hackers seeking to penetrate critical elements of US civilian infrastructure as Mint Sandstorm, as if they were an exotic flavor of air freshener?
Kevin Mandia, the founder and CEO of cybersecurity firm Mandiant, has raised concerns about the effectiveness of such naming conventions. Mandia believes that a standardized naming convention for hacker groups would be useful, but it would be difficult to implement because companies prioritize their marketing strategy over adhering to standards. Despite the challenges, it is crucial to stay aware of the dangers hacker groups pose, whatever names they are given, such as the devastating ransomware attacks that Periwinkle Tempest launched on Costa Rica last year.
Author: Andy Greenberg