The World Economic Forum introduced the Cybercrime ATLAS project during the RSA Conference, built on the expertise of public sector and private sector partnerships to map and eventually disrupt the cybercriminal ecosystem.

The ATLAS project is spun out of the World Economic Forum’s Partnership Against Cybercrime (PAC) which includes over 40 private and public sector members, Derek Manky, VP of global threat intelligence at Fortinet’s FortiGuard Labs, told SDxCentral in an interview. Fortinet is one of the founding members.

PAC group issued a report at the end of 2020 offering recommendations against cybercrime. Then the group worked toward implementing and systematizing those recommendations. “Last year was really the start of Project ATLAS,” he noted. 

The World Economic Forum plays a role in facilitating collaboration for the project. It brought in around 10 companies from various sectors worldwide including Fortinet, Check Point, Microsoft, PayPal, Bank of America, and more, according to Tal Goldstein, head of strategy for Centre for Cybersecurity at World Economic Forum.

Initially, the analysts in the project chose “13 well-known threat actors to look into, and they were spread across all different types of cybercriminal activities,” including malware, ransomware, business email compromise, and more, Amy Hogan, associate counsel and GM of Microsoft’s Digital Crimes Unit, said during a panel at RSA Conference.

She didn’t name all 13 cybercrime groups, but mentioned TrickBot and Cosmic Lynx in the discussion. 

One of the steps the analyzing group will take for the ATLAS project is to create links between the information gathered about threat actors, she said.

“The first example they came up with is that they were looking into TrickBot … one of the IPs that was used in TrickBot was very closely used with Cosmic Lynx, which is a Russian-based business email compromised actor,” Hogan noted. This “is useful as we're starting to think about how we would disrupt this infrastructure.”

The project started in the “proof of concept” phase mid-last year. “ATLAS specifically, it's about mapping the cybercriminal ecosystem, which there's a lot of interest in, but it's easier said than done,” Manky said.

The participants are currently working on building and designing the structure for implementation, Goldstein added. And they aim to move into the operational phase in the next six months. 

“We haven't done disruption yet ... That's ultimately where we're heading,” Manky explained. The next phase will work on issues such as “how do we measure success? How do we start to actually run those operations, do true disruption? And to me, that's the endgame.”