The nonprofit Cyber Threat Alliance (CTA) has organized its members, which include some big tech companies such as Cisco, McAfee, Palo Alto Networks and Symantec, to share knowledge about software bugs and hacking threats so they can alert their customers and limit the damage. To do so, the companies have decided to put cybersecurity ahead of competition. Dubbed “early sharing,” the strategy goes into action as government-linked groups in China, Iran, North Korea and Russia run devastating hacking campaigns.
The Washington Post reports that, according to McAfee, cybercrime cost consumers “about $600 billion in 2017.” Former Department of Homeland Security cybersecurity official Neil Jenkins noted that CTA’s “members are big enough that they cover a big chunk of real estate.” “When we do this at the same time, it makes it much harder for bad actors,” he said.
Jenkins reported that CTA has “delivered early warnings to millions of organizations and helped decrease the spread of some major hacking campaigns.”
Cisco first engaged in early sharing on May 23 last year, when it discovered VPNFilter, malware that Russian hackers might use to “shut off the Internet for at least 500,000 people on Ukraine’s Constitution Day,” and warned other CTA members about it via blog post. The tech company also informed the FBI, which “seized infected Web domains it suspected the Russian hackers would exploit.”
Due to Cisco’s early warning, “all CTA members sent simultaneous urgent notices to their customers describing how to protect against the Russian attack.” At Cisco’s Talos threat intelligence division, manager of threat detection/interdiction Matt Olney explained, “we were able to use CTA as a means to get some of the world’s largest security vendors to come together and have protections in place to minimize the possible negative outcomes.”
Jenkins said that, since then, “CTA has shared advance warnings about approximately a dozen hacking groups linked to nation-states and numerous other criminal hacking campaigns.” Among those, “Symantec shared early information about a China-linked group that allegedly stole and repurposed hacking tools the National Security Agency used against it [as well as] … early data about another group based in Iran.”
CTA members have also strategized a response to “a new form of ransomware that locked up networks at the Norwegian aluminum maker Norsk Hydro in March, causing $40 million in damage, and a bug Microsoft revealed last week that could be as destructive as the $4 billion WannaCry attack launched by North Korea.”