KOR Labs

From ICANNWiki
Jump to navigation Jump to search
Korlabs.png
Type: Simplified joint stock company (SAS)
Industry: Cybersecurity
Founded: France, 2021
Founder(s): Maciej Korczynski and Andrzej Duda
Headquarters: 28 r Joseph Moutin, 38180 SEYSSINS
Country: France
Website: https://korlabs.io/
LinkedIn: https://www.linkedin.com/company/kor-labs/
Twitter: TwitterIcon.png@https://x.com/kor_labs

KOR Labs Cybersecurity is a university spin-off dedicated to combating cyber threats, helping the Internet community collectively increase barriers to abuse as well as companies to increase the effectiveness of their network protection and countermeasures. Their team comprises security researchers with a strong academic track record and expertise in cyber security and Internet technologies. They work investigating malicious activities and sharing knowledge and data with the technical and policy communities to prevent and mitigate cybercrime [1]. The founders of KOR Labs are Prof. Maciej Korczynski and Prof. Andrzej Duda [2]

Focus[edit | edit source]

Their main focus is on the Domain Name System (DNS) abuse, identifying security vulnerabilities and notifying administrators of vulnerable resources, sometimes before cybercriminals exploit them. They also work at reducing the so-called information asymmetry between cybercriminals (e.g., phishers) and Internet intermediaries, such as hosting providers, top-level domain (TLD) registries, and domain registrars by revealing factors driving abuse, such as why cybercriminals choose to register malicious domain names with certain providers and not others, or why some registries suffer from higher concentrations of phishing or spam domains [1].

Areas of expertise[edit | edit source]

  • DNS Abuse: studying of various harmful activities that involve DNS, for example, botnets, phishing, malware, pharming, and spam.
  • Internet measurements: software development and provision of other tools to efficiently measure different aspects of Internet protocols.
  • Vulnerability notifications: identification of security issues in the wild and regular notification for the owners of vulnerable resources.
  • Economics of Cybersecurity: studying the social-economic side of cybersecurity to decrease information asymmetry.
  • Cybersecurity Consulting: consulting on risk assessment, threat management, vulnerability testing, and policy development [1].

Funded Projects[edit | edit source]

NetBeacon MAP[edit | edit source]

Main article: NetBeacon MAP

NetBeacon MAP, formerly DNSAI:Compass until June, 2023 and DNSAI Intelligence until September, 2022, is a collaboration between KOR Labs and the NetBeacon Institute. KOR Labs is responsible for collecting the data, which is then provided to the Institute, that works with PIR’s Data Analytics team to create interactive charts, reports, and individualized dashboards to measure and track the use of the DNS for phishing and malware [3].

INFERMAL[edit | edit source]

Main article: Inferential Analysis of Maliciously Registered Domains

INFERMAL (Inferential Analysis of Maliciously Registered Domains) is a research project being carried out by KOR Labs and funded by ICANN. The goal of this project is to conduct an in-depth analysis of maliciously registered domain names, aiming to uncover cyber attackers' preferences and possible measures to mitigate abusive activities within the domain name space. The first meeting for this project happened in November, 2022, [4] and it was announced in April, 2023 [5].

Cyber Threat Intelligence[edit | edit source]

Main article: Cyber Threat Intelligence

Cyber Threat Intelligence is a project funded by France 2030, supported by France Relance - European Union [6] and led by the technology company Thales, organizer of the consortium which includes KOR Labs. It was announced in April, 2023 [7]. The aim of the project is to provide a set of cyber threat intelligence services for the French market, aimed at cybersecurity teams. KOR Labs is responsible for providing the platform with various data related to DNS Abuse: domain registration data, DNS records, host information, website data, ranking and popularity data. They also have participation in the design of data analysis algorithms for the Analysis Center. It will also develop reputation algorithms that will evaluate abuse rates among the various types of DNS intermediaries (TLD registries, registrars, and hosting providers) to establish their ranking [6].

ThreatChase[edit | edit source]

ThreatChase is an open platform for protection against phishing. It is a project funded by the European Union (EU) and supported by the European Cybersecurity Competence Centre. The goal of the ThreatChase project is to improve cybersecurity capabilities and raise the level of cyber security across the EU with a platform providing protection against phishing. It works under the idea that the uptake of cybersecurity solutions greatly depends on the data about malicious activities, its accurate analysis, and on providing an open platform for cybersecurity solution adopters. The proposed platform intends on contributing to improved cybersecurity preparedness by offering two services: i) the service of structured data on malicious URLs and domain names used in phishing and ii) the service for phishing mitigation and notification of credentials (email addresses and passwords) stolen for instance as a result of phishing that have appeared in data leaks. The project starting date was October 1, 2023, and the end date will be on September 30, 2026 [2].

References[edit | edit source]