January 20, 2022

How to block phishing sites in a few clicks.

Our Threat Intelligence service (further – TI) is a set of important services that help orientate businesses in the anything-but-straightforward cyberthreat landscape and take the right decisions for enhancing their cybersecurity. In a nutshell, it’s all about the collection and analysis of data about the epidemiological situation within and outside a corporate network, professional tools for investigating incidents, analytical reports about new targeted cyberattacks, and much more besides. And it’s what every developer of corporate systems of cybersecurity has – or should have – in their product-ecosystem; it’s like a trump card or panic button, without which the ecosystem is like… a chair with weak, creaking legs. At any moment you can be in for a fall – a very painful one.

With TI, a cybersecurity expert can keep an all-seeing eye on the surroundings around their cyber-fortress (and even see over the horizon). He or she is able to keep track of what the enemy is up to – where they’re coming and going, how well they’re armed, what’s in their minds, and what strategies, tactics and intelligence they use. Without TI, even with the best defensive weaponry and bomb-proof walls, the fortress is still vulnerable: the enemy won’t necessarily come through the main gate; it could tunnel its way in or go for an aerial attack. Not good Disaster.

// Commercial-break button – ON:

We at K started to develop our own TI portal back in 2016. Since then it’s come on leaps and bounds – so much so that last year the analytical agency Forrester recognized us as a world leader in the market. And many big names around the world agree with Forrester, having become users of our TI services long ago: for example Telefonica, Munich Airport, Chronicle Security, and CyberGuard Technologies.

// Commercial-break button – OFF.

Perhaps the jewel in our TI-crown is the Digital Footprint Intelligence service (further – DFI)…

DFI puts together a broad, dynamic ‘digital portrait’ of an organization (network perimeter resources – IP-addresses, company domains, cloud and hosting providers used, and also employees, associated brands, subsidiaries and branches), and subsequently monitors that portrait and its use of open sources and the darknet and deepweb. Also applied is our own knowledge database, which contains information about almost a thousand ongoing targeted attacks and various malicious tools.

Thus, DFI uncovers vulnerabilities and potential threats and data leaks, plus signs of past, current and even planned cyberattacks. And it does so very well indeed; example: one of our DFI-investigations in the Middle East uncovered so much critical, sensitive information, and also soooo many scandalously hole-y networks that… ->

So what should a DFI user do if the DFI monitoring red warning light starts flashing – signaling a problem? For example, it’s found a phishing website that’s pretending to be your organization, and it’s collecting credit card numbers from your regular users? // For more on what tricks are being used by the cyber-baddies, read our recently published investigation on spam and phishing.

Normally in such a case (without DFI) an organization would need to undertake the rather painful procedure of collecting proof of the cyber-fraudulent actions, to create a takedown request to the organization managing the site’s domain zone, and to transfer to that organization the collected proof; then it needs to keep checking that the request is being carried out, and to submit extra materials if needed. It’s a rather labor-intensive task, requiring a designated specialist – or even a whole designated team of experts. Labor intensive – yes; fast no: up to around 50% of phishing pages remain active for a whole month after a phishing verdict is issued in this way. Like I say: painful; also expensive.

But with DFI, the procedure becomes both simple and cheap – and with zero compromises in terms of quality. A new service has been added to our TI portfolio called Takedown, which is a one-stop shop for managing the blocking of malicious, phishing and typosquatting domains.

As soon as DFI robots locate such a cyberattack (and each day we register more than 15,000 phishing URLs), all the user needs do is click their mouse a few times to create a request for blocking a site. After that, everything’s automated, much like ordering something online to be home-delivered. We collect the evidence, we send it to the competent authorities, we follow up the request, and we inform the customer at every stage of the problem’s being solved.

Over several years we’ve been establishing solid professional relations with domain name registrars, national and industry-specific emergency response teams (CERTs), international cyberpolice (INTERPOL, Europol…), and other relevant competent organizations. And today, the process of blocking malicious sites for us has been perfected to the slickest of smooth business operations. Oh yes. Meanwhile, all the customer does is view the updates it gets as we carry out the request. And that’s it! Easy as pie!

For us today it takes, on average, a few days to get a malicious site blocked (depending on the domain zone, domain level, and the hosting provider). A bit better than a month+, right? And it’s not very expensive either. Also, our DFI relieves experts from complex non-core work, lowers digital risks, and allows staff specialists to concentrate on their own priority tasks.

Sign up!

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email
  • No, thanks

READ COMMENTS 0
Leave a note
Facebook

April 16, 2024

Water, outside, not frozen – below -40°C. How?!

Our friend, the Far North – even in winter (and up there, in northern Yakutia, even March is winter). The extended winter of the North is a kingdom of eternal snow and ice, extreme cold, and endless white expanses. All the same – and you won’t believe this – you can find H2O in liquid form […]

April 12, 2024

You’ve heard of a road trip. But what about an ice-road trip?!

You’ve had your intro posts already; now, if there are no questions from the audience, I’ll proceed to my next tale from the Far Northern side, which could have been titled “Yakutian ice roads heading north from Kolyma Highway“. But first, I think – an explainer… What is an ice road? And what’s a winter […]

April 9, 2024

My friend, the North. Yakutsk-Tiksi-Yakutsk 2024.

Hi folks! Last week I completed quite possibly my most mind-blowingly awesome trip up to the Far North – from Yakutsk in a northeasterly direction and then further north to Russia’s northern coast. You’ve had a few intro-posts on the expedition already; now for a (slightly) deeper dive… My regular readers will know well how […]

April 4, 2024

Yakutian winter roads, photoshoots on frozen rivers, and 4×4 and other good fun.

Hi folks! You’ve had your aperitifs, finger-nibbles, and soup (one, two, and April 1); now for… a salad starter!… How long have we been road-tripping on Yakutian highways and winter roads? Oh – three weeks already! Time to be heading back home I guess… As usual for my expeditions, I’ve taken a ton of photos […]

April 2, 2024

Far-North Road-Trip 2024: onward – northward!

The internet connection here is really unstable – coming and going all day long. Just now it’s available though, so here’s my next mini-tranche of Siberian on-the-road/wilderness pics: These photos are of a winter road upon a frozen river. As you can see – sunny and cloudless: a beautiful day indeed. The internet’s disappeared again […]

April 1, 2024

A new scientific discovery (of ours) in Siberia: mega-heavy water (and floating stones)!

Hi folks! Well, well; I wasn’t expecting this: we’ve made a world-first discovery in Yakutia while on our Far-North Road-Trip – mega-heavy water! The pioneering discovery was made in the Indigirka river, here. We were crossing said frozen river in our 4x4s, and we decided to take a photo-stop as the surrounding scenes were so […]

More

Travel Vlog

You might also like…