ITEA is the Eureka Cluster on software innovation
ITEA is the Eureka Cluster on software innovation
Please note that the ITEA Office will be closed from 25 December 2024 to 1 January 2025 inclusive.
ITEA 4 page header azure circular

integrated result: Cyber Threat Tactical Monitoring

Project
18007 DEFRAUDify
Type
New service
Description

A specific type of cyber threat that is very hard to combat, is spearphishing attacks: an influential staff member of a company is approached using handcrafted emails that contains a lot of factual information, adding to credibility of the email. Usually, such an email contains an instruction to transfer money, or to click a link, and it appears completely legitimate. There is need for companies to understand the threat level of this type of attack. This new service does this by identifying the ‘attack surface’: how much public information is available for key staff members of the company?

Contact
Tycho Gabeler
Email
tycho@web-iq.com
Research area(s)
social engineering
Technical features

The result is called ‘tactical’ monitoring because the time frame of the attacks, and the associated the information is more ephemeral by nature.

The result presents information from the clearweb for a number of selected company employees; results from project partner TU Eindhoven are used for this. Additionally, honeytoken information is used to make the information more specific: a honeytoken is a piece of information that is usually only extracted by very curious (malicious) users, just like the well-known honeypot concept. Honeytokens collect information about the origin of the entity that extracts the information (it can be a document, an image or any other digital entity). The honeytoken technology is developed by project partner Almende. This information is added to the analysis.

Integration constraints

The new service is not yet in the form of a dashboard that can easily be accessed: the result is not yet a finished product and its precise definition needs to be developed together with a launching customer.

Targeted customer(s)

Larger companies that run the risk of spearphishing; cyber threat intel companies

Conditions for reuse

The result can be accessed by reaching out to the exploiting partner

Confidentiality
Public
Publication date
30-09-2023
Involved partners
Almende BV (NLD)
Eindhoven University of Technology (NLD)
Web-IQ B.V. (NLD)