The World Economic Forum (WEF), together with a few tech heavy-hitters, wants to map out the entire cybercrime ecosystem.
The goal of the project, revealed at the recent RSA security conference, is to better understand who is who in the cybercrime world: who is friends with whom, who outsources which parts of the cyberattacking effort to whom, and who builds and who uses which tools and software.
With this information, it was said, attribution will become easier, which in turn will make issuing warrants, making arrests, and seizing assets a lot easier. By mapping out the entire cybercrime world, the companies believe they’ll make cyberspace a safer environment for everyone.
The project is called The Atlas Initiative, and besides WEF, other contributors include Fortinet, CTA, and Microsoft.
"This isn't a threat feed," said Derek Manky, chief security strategist at FortiGuard Labs, during an RSA Conference panel about the project. "We're looking at the non-traditional artifacts. Think: crypto addresses and bank accounts, phone numbers, emails, things that ultimately help to build the challenge of attribution, which we always say is the holy grail."
All the data used to build out Project Atlas will be open-source. The companies will look not only at technical indicators of compromise and antivirus or firewall data, but also at things like social media accounts, indictments and other court documents, blogs, and pretty much any other non-proprietary info out there.
"One of the problems we frequently bump up against when we're talking about sharing information is: Is it proprietary from the private sector? Is it a work product such that they don't necessarily want to share? Is it classified information from governments? But that doesn't mean there isn't information that's available," said Amy Hogan-Burney, associate counsel and GM of Microsoft's Digital Crimes Unit.
For starters, the group will focus on 13 threat actors. While no names have been dropped, the media are speculating that TrickBot, Conti, Evil Corp, DarkSide, and the Lazarus Group, which have been infecting millions of endpoints for years now, will make the cut.
Via: The Register