
Perplexed by the abundance of unknown threat groups? You're in good company. CrowdStrike and Microsoft aim to clarify these names.

Cybersecurity giants Microsoft and CrowdStrike have unveiled an unprecedented partnership, aiming to develop a unified naming framework for cyber threat actors through a shared mapping system.

Cybersecurity giants Microsoft and CrowdStrike combine forces to create an innovative shared system, designed for labeling cyber threat instigators.

Cybersecurity can get real messy, what with all the different names slapped on threat groups, leaving us scratching our heads and wondering who exactly we're up against.

Well, here's some clarity: 'Cozy Bear', Nobelium, 'Midnight Blizzard' - turns out these are just a few aliases for the same notorious group. The reason for the name game? Various tech firms and intelligence agencies each track different activities, so there's no real unity or alignment when it comes to identifying these groups.

But it seems like Microsoft and CrowdStrike are making moves to change that. They've announced a groundbreaking collaboration to develop a joint mapping system, aiming to create a standardized naming system for cyber threat actors, and hopefully end the confusion.

"By eliminating the ambiguity in naming, we're giving cybersecurity defenders a clearer picture of who's targeting them and how to respond," according to Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike. By combining Microsoft's deep expertise in threat intelligence with CrowdStrike's wealth of data, the partnership promises a unified effort to tackle persistent threats in the cyber world.

As of now, the shared analyst-led effort between the two companies has led to the deconflicting of over 80 adversary names, including Microsoft's 'Volt Typhoon' and CrowdStrike's 'Vanguard Panda', both referring to the same Chinese state-sponsored group.

Google is also hopping on board, with its Mandiant threat intelligence group contributing to the scheme. Similarly, Palo Alto Networks' Unit 42 has committed to the naming convention approach.

Critics, like Ilia Kolochenko, CEO of ImmuniWeb, see this as a step towards a more aligned cyber defense ecosystem, but they question whether complete alignment is even achievable. The industry has historically struggled to achieve unity in defense efforts and attribution questions, Kolochenko said.

Nonetheless, the standardized naming system promises to simplify threat identification and analysis, making it easier for cybersecurity professionals to efficiently track and respond to threats. Keep an eye out for this partnership and the moves it may make in the cybersecurity landscape.

This collaboration between Microsoft and CrowdStrike aims to develop a standardized naming system for cyber threat actors, which could potentially simplify threat identification and analysis in the realm of cybersecurity infrastructure. By eliminating ambiguity in naming, this system could provide cybersecurity professionals with a clearer picture of who's targeting them and how to respond, leveraging technology to address persistent threats more effectively.
