It’s time to stop thinking of threat groups as supervillains, experts say

August 19, 2024

Blackwired is committed to the study of threat actors and their tools: it’s a necessary part of the operation to protect users from cyberattacks. However, it can be easy for the uninitiated, and even the experts, to be daunted by threat actors, especially the ones working on the largest scales. Analysts give these groups flashy names, such as Scattered Spider, Fancy Bear, or Midnight Blizzard. At last year’s RSA conference, CrowdStrike put up a statue dedicated to one such threat actor, tracked as Wizard Spider, and this year at Black Hat in Las Vegas, CrowdStrike gave the same treatment to Scattered Spider. This certainly has its benefits, since it helps end users be more aware of the threats facing them, but multiple experts now consider that this kind of behavior might be counterproductive.

According to Andy Piazza, senior director of threat intel at Palo Alto Networks Unit 42, some defenders spend too much time tracking the activity of threat groups. He believes their time would be better spent focusing on developing internal capabilities to respond to malicious tactics, techniques and procedures, regardless of who specifically employs them. Jen Easterly, director of CISA, sounded a similar note during her keynote speech at Black Hat, suggesting that too many resources are spent tracking threat actors when most of them are just making use of the same old vulnerabilities and the same old tactics.

Here at Blackwired, we try to strike a middle ground between admiration and contempt. While the vast majority of threat actors make use of common tools and common vulnerabilities, they do so because they work. Fresh changes to the same old tools can spoil detection, which is why we provide up-to-the-minute intelligence and training data. And even if most threat actors are simple script jockeys, it’s the rare few that go beyond this that can cause the most damage. We should not romanticize them, true, but being cautious is still essential.
