Cyber chatter flowed on Twitter today after a researcher, who goes by the handle @pancak3lullz, posted about claims from ransomware gang REvil that EvilCorp and Maze are really a single group operated by eight people with ties to the Russian government.
Though interesting, should rank-and-file security execs even care about this type of chatter?
Probably not in terms of defense methods, said Rick Holland, chief information security officer and vice president of strategy at Digital Shadows, who agreed that while defining attribution to notable ransomware groups is as intriguing as it is complicated, for the bulk of enterprise defenders it is largely a distraction.
“Your defenses do not substantially change whether you are up against a traditional cybercriminal or a state-affiliated one,” Holland said. “Patching known vulnerabilities, enabling multi-factor authentication, and disabling macros will go a long way no matter the threat du jour.”
Joe Slowik, senior security researcher at DomainTools, warned that until substantiated, claims of a link between the two groups should be treated with intense skepticism.
“Overall, short of having direct access to adversary infrastructure, communications, or operational planning, it is very hard to ‘pinpoint’ such groups, especially as ransomware operations increasingly break down into multiple ‘teams’ selling access, services, and tools to each other,” he said.
Just as some question the validity of the supposed ties among the groups, or their affiliation with Russia’s Federal Counterintelligence Service, some see the claims as a potential red herring.
“Personally, I think it is all a ploy to create distraction from real investigative work on the matter and more darknet drama around an already fear-fueled darknet commodity,” said Mark Turnage, CEO of DarkOwl.
Open source reporting from December 2019 linked EvilCorp to Maxim Yakubets, and the federal government issued indictments for Yakubets and other top members of the EvilCorp hacking group, assessed to be heavily protected by the Russian government. Still, Tor and similar decentralized networks that protect the originating IP address of their users make deanonymization of specific users extremely hard.
What is clear, however, is that groups within the community periodically dismantle or reincarnate with new branding and personas.
“There’s no question that many of the groups are working together,” Turnage said. “But to what extent they are all one and the same remains to be discovered.”
Some parts of this article are sourced from:
www.scmagazine.com