The ThreatChase is a project that aims improve cybersecurity capabilities and raise the level of cyber security across the European Union with a platform providing protection against phishing. For the project creators, cybersecurity solutions greatly depends on the data about malicious activities, its accurate analysis, and on providing an open platform for cybersecurity solution adopters. The proposed innovative platform will contribute to improved cybersecurity preparedness by offering two services: i) the service of structured data on malicious URLs and domain names used in phishing and ii) the service for phishing mitigation and notification of credentials (email addresses and passwords) stolen for instance as a result of phishing that have appeared in data leaks. The project starting date was October 1, 2023, and the end date will be on September 30, 2026.[1]

Objective and Goals

The objective of the project is to identify URLs (and collect comprehensive metadata) used in phishing attacks across all accessible open sources on the Internet through both passive and active scanning methods. The ThreatChase phishing service will be available to all interested parties in the form of a blacklist and made available through the MISP server for storing, distributing, and sharing phishing threat indicators. The ThreatChase service will provide organizations with information about known and newly identified malicious URLs and domains, allowing them to identify and correlate security threats and take proactive measures to protect their networks and systems by blocking spam emails, phishing websites and resolutions of malicious domain names.

In addition to the proactive measures for fighting phishing, the platform will provide a service for companies and victims of phishing attacks that notifies companies and Internet users about their credentials (email addresses and password) appeared in leaked databases along with enabling a risk assessment of whether a password change is needed. Many organizations already experienced the situation in which, as soon as new leaked datasets with credentials have been published in the Internet, new cyber attacks started on the companies' web portals. One of the reasons of the attacks is that it is not a common practice among Internet users of having different passwords for different web applications they use. Because of that, cyber-criminals try to check leaked credentials, heavily expecting benefits from taking over user accounts for various Internet services (telco, financial, social media, etc).[1].

Funding and Partnerships

ThreatChase is a project funded by the European Union (EU) under Grant Agreement No. 101128042 and supported by the European Cybersecurity Competence Centre. [2]

The ThreatChase Consortium consists of four participants from three EU member states (France, Poland, and Portugal):

  • KOR Labs, a university spin-off focused on domain name and Domain Name System (DNS) abuse.
  • ORANGE Polska, the leader on the Polish market of fixed telephony, Internet, and data transmission.
  • PDMFC, a Portuguese company with a strong focus on the area of Information Security.
  • NovaForensic, a start-up from Portugal with a focus on the development of tools for Digital Forensics.[1].

References