Melissa is malware that attacks Microsoft Word and Outlook. You might wonder why its creator chose that name. Cyber lore has it that he named his malicious piece of handiwork after a stripper he knew in Florida. Malware and other cyber threats tend to have less racy origins than Melissa. Yet, there are so many swirling around these days that you could be forgiven for having trouble keeping track of the latest named threat that your IT team is warning you about. The world is beset by cyber threats, each with its own unique new name. While those names can seem arbitrary, many are actually communicating a great deal of information.

So, how do all these worms and bots get their names, and what is the significance of each name? Some basic conventions on threat names have developed over time. The people who coin the names try to follow these conventions so that a name suggests the type of threat it poses. There are exceptions, though, like Melissa, which is more of a ribald boast by its creator than anything else.

Why Names Are Important

If you understand the naming protocols, you can get an idea of the nature of a threat. Names for threats like malware and ransomware tend to follow a few rules or standards that help categorize them (e.g., function, method, or origin). Understanding the nature of risks being posed by a named threat can thus help prioritize your response. In addition, if you understand some of the main naming systems, you have a leg up on communicating with your IT staff and cybersecurity vendors when a newly named threat arises.

Origins of Malware/Ransomware Names

The first thing to know about threat names is that there is no single system governing the process. Instead, there are several different players who come up with these names. Once a name is established, it is used by cybersecurity operators to warn of threats. Still, there are some basics that exist, often related to who’s doing the naming.
Here are the key players that come up with malware and ransomware names and what those names can communicate to your business’s IT staff and cybersecurity vendors:
- Researchers. Cybersecurity professionals often originate threat names using the Computer Antivirus Research Organization (CARO) standard (type, platform, family, variant). For example, Backdoor describes threats exploiting backdoor access, while names like Heartbeat or Meltdown reflect specific characteristics of the malware.
- Major organizations. Tech companies, like Microsoft, use their own naming systems. While some follow CARO, others use thematic conventions — for instance, Microsoft names nation-state actors after weather systems (e.g., Typhoon for China, Sandstorm for Iran).
- Creators. Cybercriminals name threats to market them on the black market. Names like WannaCry and Melissa are designed for impact, and some even use logos (e.g., Petya's hammer-and-sickle branding signals Russian origins).
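
To show how much a CARO-style name carries, here is an added example (not part of the original article) that splits detection names into the type, platform, family and variant fields, using the `Type:Platform/Family.Variant!Suffixes` layout Microsoft publishes for its detections. The sample names and the priority mapping are constructed assumptions for illustration.

```python
import re
from collections import Counter

# Layout of the CARO fields as Microsoft renders them:
#   Type:Platform/Family.Variant!Suffixes
CARO_NAME = re.compile(
    r"^(?P<type>[A-Za-z]+):"
    r"(?P<platform>[A-Za-z0-9_]+)/"
    r"(?P<family>[A-Za-z0-9_\-]+)"
    r"(?:\.(?P<variant>[A-Za-z0-9]+))?"
    r"(?:!(?P<suffixes>.+))?$"
)

# Hypothetical triage policy keyed on the type field; adjust to your own.
TRIAGE = {"Ransom": "high", "Backdoor": "high", "Worm": "high", "Trojan": "medium"}

def parse_caro(name):
    """Return the name's fields as a dict, or None if it is not CARO-style."""
    m = CARO_NAME.match(name.strip())
    if m is None:
        return None  # e.g. a creator-chosen or marketing name such as "WannaCry"
    fields = m.groupdict()
    fields["suffixes"] = fields["suffixes"].split("!") if fields["suffixes"] else []
    fields["priority"] = TRIAGE.get(fields["type"], "review")
    return fields

def summarize(names):
    """Split alerts into parsed and unparsed, and count detections per family."""
    parsed, unparsed = [], []
    for n in names:
        f = parse_caro(n)
        (parsed if f else unparsed).append(f or n)
    return parsed, unparsed, Counter(f["family"] for f in parsed)

# Constructed sample alert names (family names are invented for this example).
SAMPLE = [
    "Ransom:Win32/SampleLocker.A",
    "Backdoor:Win32/ExampleDoor.B!abc",
    "Trojan:W97M/MacroDemo.C",
    "Ransom:Win32/SampleLocker.D!abc",
    "WannaCry",
]

if __name__ == "__main__":
    parsed, unparsed, families = summarize(SAMPLE)
    for f in parsed:
        print(f["priority"], f["type"], f["platform"], f["family"], f["variant"])
    print("needs manual lookup:", unparsed)
    print("detections per family:", dict(families))
```

Names that do not parse are not errors: they are usually creator-chosen or vendor-thematic names, which need a manual lookup rather than field-based triage.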
Practical Approaches for Bankers

Because the names of malware and ransomware can communicate so much information, it’s important to take advantage of that. Here are a few ways you can use this information to help you prepare in advance for a potential threat:
- Keep track of new named threats. Don’t spend too much time focused on memorizing names because they change so frequently. Instead, ask your IT team to keep you up to date on these developments, and then inform the organization about the new named threats.
- Proactively prep for potential cyberattacks. Since the name of a threat can give you some hint of its nature, use it when communicating with your IT team about the threat and about how your financial institution can and should respond if the new threat reaches your computer systems.
- Train employees on what to look for. If you know ahead of time what types of threats are on the rise based on their names, communicate this to your employees and incorporate it into their cybersecurity training so they’ll know what signs to look out for.
New threat names are constantly popping up. Knowing a little about the naming process can help sort through the fog of new threats. What’s important is to stay informed about new threats and work to protect operations and customer assets from them.