At the RSA Conference 2022, a panel of experts detailed efforts led by the World Economic Forum (WEF) to build a multi-stakeholder tool called the Cybercrime Atlas.
Tal Goldstein, head of strategy, Centre for Cybersecurity at the World Economic Forum Centre for Cybersecurity, explained that his organization has long been working at the global level to try and address the most pressing issues facing the world.
“In the last two years, we’ve launched the partnership against cybercrime,” Goldstein said. “The Cybercrime Atlas is probably the most promising direction in promoting such collaboration.”
Derek Manky, chief security strategist & VP of Global Threat Intelligence at Fortinet, explained that the partnership started with a report at the end of 2020 that provided recommendations on how to improve global cybersecurity. In 2021, the effort decided to start a project to implement some of the recommendations, which include better information sharing and collaboration.
Problems the Cybercrime Atlas Project Solves
Michael Daniel, president and chief executive officer at the Cyber Threat Alliance, said that the name Atlas accurately describes the initiative. Daniel noted that an atlas in the physical world is a book of maps, which you can actually think of as visualizations of the underlying data about the physical earth.
“We want to be able to do the same thing for the cybercriminal ecosystem,” Daniel said. “How do we actually understand the ecosystem as a whole and enable different views of that ecosystem?”
A key challenge is that in the modern threat landscape, malware names are no longer synonymous with a single criminal group because all of the criminal groups use similar tools and could be using the same malware. The Cybercrime Atlas is intended to pull all the data together to help get the full picture of a threat adversary group’s activities.
Goldstein said that the current state of the Cybercrime Atlas project is that it is now halfway through the initial list of 12 threat adversary groups it has targeted for analysis. Moving forward, the plan is to figure out how to scale operations for sharing and building out analysis efforts and identify opportunities to disrupt cyber-criminals’ activities.
Amy Hogan-Burney, associate counsel and general manager, Digital Crimes Unit, at Microsoft, said that a key goal of the project is to be more strategic about understanding global cybercrimes.
“The idea behind this is to really create a product that is available to be used so that it can augment and help prioritize the work,” Hogan-Burney said.