Symantec's Morpho misstep

By on
Symantec's Morpho misstep

[Blog post] What's in a name?

Last week Symantec reported it had discovered a new and extremely sophisticated threat group, which it dubbed Morpho, that had been targeting some of the world’s biggest tech firms as well as others in the legal, resources and pharmaceutical sectors.

However, after the initial flurry of reporting around the issue, Symantec's link to the PDF document containing its research on the attackers strangely no longer worked.

Following a little digging, it turns out Symantec was encouraged to change the name it had attributed to the threat group.

It's now Butterfly, no longer Morpho.

Googling reveals there is a butterfly called the Morpho that lives in the Central American rainforests of Mexico, Brazil and Costa Rica. So a seemingly random change from Morpho to Butterfly, but the name is still loosely connected with the original sentiment. Nice work. But why?

Morpho is actually the name of a legitimate security and identity solutions company with an annual turnover of €1.5 billion, offices in 55 different countries and over 8600 employees worldwide.

As you might have guessed, Morpho wasn’t pleased when it found out its company’s precious name had been used to badge one of the most sophisticated and insidious threat actors to be found this year.

In an attempt to clear up the misunderstanding, Morpho released a statement to try to disassociate its name with any involvement with the similarly-named hacking group.

“To avoid any confusion with our customers and partners, we formally state that there is absolutely no connection with the aforementioned hacker group and Morpho. Our activities are fully dedicated to ensuring a safer digital and physical world," the company wrote.

This ill-considered and awkward slip-up by Symantec has had the effect of constructing an online synapse between a legitimate company name and this international cybercrime gang.

Symantec has done what it needed to do to appease Morpho - rebadge the attack group with a new name - and Morpho has affirmed to its clientele the company and the attack group are unrelated.

But is the quick name change and Morpho's public statement enough? Could this cause more reputation damage than either of the companies has considered?

I’d hope not, but if I was on the marketing team over at Morpho, I would be in crisis mode right now, looking at critical containment measures to stop the spread of fear, uncertainty and doubt related to the company's good name.

The issue is that it's difficult to gauge how much or how little effect this will have on Morpho’s reputation.

We all know that reputational risks can affect our bottom line, but there's no clear way to measure how a brand tarnished by another's mistake could detract from its business in years to come.

How does the account manager at Morpho, two years from now, while trying to close a deal with a new customer, know that the real reason the customer decided not to sign was because a quick Google search associated the company's name with a hacking group?

If that customer is easily influenced or simply has some doubt, it may be enough to sway the purchasing decision towards a competitor.

Aptly, the butterfly effect is described as being when a small change in one state of a deterministic nonlinear system can result in large differences in a later state, but the chaotic nature of the systems means predicting the final outcome is all but impossible.

I hope for both Symantec and Morpho’s sake that this system’s energy fizzles out quickly, but if not, these two tech giants might feel the full ferocity of the butterfly effect as this misstep escalates into a super storm.

Got a news tip for our journalists? Share it with us anonymously here.
Tony Campbell
Tony Campbell has been a technology and security professional for over two decades, during which time he has worked on dozens of large-scale enterprise security projects, published technical books and worked as a technical editor for Apress Inc.

He was was the co-founder of Digital Forensics Magazine prior to developing security training courses for infosec skills.

He now lives and works in Perth, where he maintains a security consulting role with Kinetic IT while continuing to develop training material and working on fiction in his limited spare time.

Read more from this blog: Unpatched

Most Read Articles

Log In

  |  Forgot your password?