Cyber chatter flowed on Twitter recently after a researcher, who goes by the handle @pancak3lullz, posted about claims from the ransomware gang REvil that EvilCorp and Maze are actually one group operated by eight people with ties to the Russian government.
Though interesting, should rank-and-file security professionals even care about this type of chatter?
Probably not in terms of defense strategies, said Rick Holland, chief information security officer and vice president of strategy at Digital Shadows, who agreed that while attributing activity to prominent ransomware groups is as intriguing as it is difficult, for the bulk of enterprise defenders it is mostly a distraction.
“Your defenses don’t substantially change whether you are up against a traditional cybercriminal or a state-affiliated one,” Holland said. “Patching known vulnerabilities, enabling multi-factor authentication, and disabling macros will go a long way no matter the threat du jour.”
Joe Slowik, senior security researcher at DomainTools, warned that until substantiated, claims of a link between the two groups should be treated with extreme skepticism.
“Overall, short of having direct access to adversary infrastructure, communications, or operational planning, it is very difficult to ‘pinpoint’ these groups, especially as ransomware operations increasingly break down into multiple ‘teams’ selling access, services, and tools to each other,” he said.
Just as some question the validity of the alleged ties between the groups, or their association with Russia’s Federal Counterintelligence Service, some see the claims as a possible red herring.
“Personally, I think it is all a ploy to create distraction from legitimate investigative work on the subject and more darknet drama around an already stress-fueled darknet commodity,” said Mark Turnage, CEO of DarkOwl.
Open source reporting from December 2019 linked EvilCorp to Maxim Yakubets, and the U.S. federal government issued indictments for Yakubets and other leading members of the EvilCorp hacking group, which is assessed to be heavily protected by the Russian government. However, Tor and similar decentralized networks that shield the originating IP address of their users make deanonymizing specific users extremely challenging.
What is clear, however, is that groups within the community periodically dismantle or reincarnate with new branding and personas.
“There’s no question that several of the groups are working together,” Turnage said. “But to what extent they are all one and the same is left to be revealed.”