KOR Labs
KOR Labs Cybersecurity is a university spin-off dedicated to combating cyber threats, helping the Internet community collectively increase barriers to abuse as well as companies to increase the effectiveness of their network protection and countermeasures. Their team comprises security researchers with a strong academic track record and expertise in cyber security and Internet technologies. They work investigating malicious activities and sharing knowledge and data with the technical and policy communities to prevent and mitigate cybercrime [1].
Focus edit
Their main focus is on the Domain Name System (DNS) abuse, identifying security vulnerabilities and notifying administrators of vulnerable resources, sometimes before cybercriminals exploit them. They also work at reducing the so-called information asymmetry between cybercriminals (e.g., phishers) and Internet intermediaries, such as hosting providers, top-level domain (TLD) registries, and domain registrars by revealing factors driving abuse, such as why cybercriminals choose to register malicious domain names with certain providers and not others, or why some registries suffer from higher concentrations of phishing or spam domains [1].
Areas of expertise edit
- DNS Abuse: studying of various harmful activities that involve DNS, for example, botnets, phishing, malware, pharming, and spam.
- Internet measurements: software development and provision of other tools to efficiently measure different aspects of Internet protocols.
- Vulnerability notifications: identification of security issues in the wild and regular notification for the owners of vulnerable resources.
- Economics of Cybersecurity: studying the social-economic side of cybersecurity to decrease information asymmetry.
- Cybersecurity Consulting: consulting on risk assessment, threat management, vulnerability testing, and policy development [1].
Funded Projects edit
Cyber Threat Intelligence edit
Cyber Threat Intelligence is a project funded by France 2030, supported by France Relance - European Union [2] and led by the technology company Thales, organizer of the consortium which includes KOR Labs. It was announced on April, 2023 [3]. The aim of the project is to provide a set of cyber threat intelligence services for the French market, aimed at cybersecurity teams. KOR Labs is responsible for providing the platform with various data related to DNS Abuse: domain registration data, DNS records, host information, website data, ranking and popularity data. They also have participation in the design of data analysis algorithms for the Analysis Center. It will also develop reputation algorithms that will evaluate abuse rates among the various types of DNS intermediaries (TLD registries, registrars, and hosting providers) to establish their ranking [2].
ThreatChase edit
ThreatChase is an open platform for protection against phishing. It is a project funded by the European Union (EU) under Grant Agreement No. 101128042 and supported by the European Cybersecurity Competence Centre. The goal of the ThreatChase project is to improve cybersecurity capabilities and raise the level of cyber security across the EU with a platform providing protection against phishing. It works under the idea that the uptake of cybersecurity solutions greatly depends on the data about malicious activities, its accurate analysis, and on providing an open platform for cybersecurity solution adopters. The proposed platform intends on contributing to improved cybersecurity preparedness by offering two services: i) the service of structured data on malicious URLs and domain names used in phishing and ii) the service for phishing mitigation and notification of credentials (email addresses and passwords) stolen for instance as a result of phishing that have appeared in data leaks. The project starting date was October 1, 2023, and the end date will be on September 30, 2026 [4].