On March 27, 2023, the Cybersecurity Tech Accord (CTA) released a new set of principles to help guide the technology industry and others in dealing with the growing market of cyber mercenaries. Trend Micro was a co-author of these principles, bringing our expertise and research on cyber mercenaries to help craft them for the industry. Trend Micro is one of the founding members of the CTA, and we worked with other members, Cisco, Meta, and Microsoft, in developing them. Given what is occurring in the world today, including Russia's invasion of Ukraine and its cyber aspect, from destructive attacks to espionage, the use of cyber mercenaries was an area we all found concerning and one that needed to be addressed within our industry. These principles, if adopted, will help the world deal with these cyber mercenaries and hopefully minimize their activities.
That’s why the Cybersecurity Tech Accord has released the following five principles:
- Counter cyber-mercenaries’ use of products and services to harm people. This includes conducting human rights due diligence to identify risks stemming from possible misuse of technology, taking lawful action against cyber-mercenaries, and sharing information with industry peers, researchers, and civil society partners on attack trends.
- Identify ways to actively counter the cyber mercenary market. Ensure compliance with legal restrictions aimed at the cyber mercenary market. Promote wider compliance with international human rights standards/laws designed to prevent human rights abuses enabled by technology. Advocate coordinated governance frameworks, policy guidelines, and regulations to limit the export and import of, and investments in, IT used by cyber-mercenaries.
- Improve cybersecurity awareness among customers, users, and the general public. Greater awareness of cyber-mercenaries and ways to defend against them will enhance the resilience of potential victims.
- Protect users by maintaining the integrity and security of products and services. Produce tools to detect cyber-mercenary behavior, promote strong encryption to increase the protection of products and services, and never knowingly weaken the security of customers. Also, notify users whose accounts may have been targeted by cyber-mercenaries.
- Develop processes for handling valid legal requests for information. Establish and maintain processes to ensure government agencies and law enforcement can submit lawful requests for information in line with their human rights obligations. Safeguard such processes from attempted exploitation by cyber-mercenaries and other bad actors. Increase transparency of the law enforcement requests process, such as by making the number of requests companies receive public.
Trend Micro has a long history of researching many of the different cybercriminal undergrounds and understanding what these malicious actors are doing. More recently, we published an article about the cyber mercenary group Void Balaur, giving information about their tactics, techniques, and procedures (TTPs). We will continue to publish information about groups we uncover in the future, which is one of the principles we support in the guidance given.
Another interesting item occurred this week: the US Government announced a new Executive Order prohibiting the US Government from using commercial spyware that poses a risk to national security. Many cyber mercenaries offer spyware to their customers, so this is a great step in dealing with this cyber threat moving forward. While the CTA principles are global in nature, each nation/state may need to address these cyber mercenaries and their tools themselves, and we encourage them to take action.
Having both public and private institutions move forward on this at the same time is a great step toward creating a world safe for exchanging digital information, which has been the mission statement of Trend Micro since we were founded in 1988. We will continue to work to improve the lives of individuals and support our commercial customers along with public institutions. You can find more of our research here, and regularly check for the latest information on threats, attacks, and cyber actors and groups we publish.