The ThreatChase project aims to enhance cybersecurity capabilities across the EU by providing an innovative platform to protect against phishing. We believe that widespread adoption of cybersecurity solutions greatly depends on data about malicious activities, its accurate analysis, and the availability of an open platform for cybersecurity solution adopters. This project will contribute to improved cybersecurity preparedness by offering two key services:
The project's primary objective is to identify phishing-related URLs and collect comprehensive metadata from open sources, using both passive and active scanning techniques. The ThreatChase service will offer a blacklist through the MISP server, which facilitates the storage, sharing, and distribution of threat data. By providing fresh, accurate information on malicious URLs and domains, this service will help organizations proactively defend against phishing threats by blocking malicious emails, websites, and domain name resolutions.
Beyond prevention, the platform will also notify organizations and individuals if their credentials are found in data leaks, helping users assess the need for password changes. This is particularly crucial as cybercriminals often exploit leaked credentials to launch new attacks, especially when individuals reuse passwords across multiple sites. The ThreatChase platform will be an essential tool for organizations to mitigate phishing risks, improving their cybersecurity posture by offering actionable intelligence and enabling swift defensive actions.
The ThreatChase project aims to make a significant and lasting impact on the cybersecurity landscape, with the potential to drive innovation, enhance security measures, and provide robust protection for ICT systems across various sectors, particularly focusing on addressing the growing and evolving threat of cyberattacks. The key goals of the project are:
The open data platform will play a pivotal role in accelerating the adoption and spread of innovative cybersecurity solutions in the following ways:
In addition, the ThreatChase platform will play a pivotal role in improving cybersecurity capabilities, particularly for SMEs and public organizations across the EU. By providing real-time threat intelligence, organizations can detect and respond to cyberattacks more quickly, protecting critical systems and data. The platform will also support incident response strategies and cybersecurity tools, improving the effectiveness of detection and analysis. Ultimately, ThreatChase aims to become a central hub for connecting cybersecurity solution providers and adopters, strengthening the overall security ecosystem.
KOR Labs SAS is a university spin-off dedicated to combating cyber threats, helping the Internet community collectively increase barriers to abuse as well as companies to increase the effectiveness of their network protection and countermeasures. The team comprises security researchers with a strong academic track record and world-class expertise in cyber security and Internet technologies. The main focus of KOR Labs activities is on domain name and Domain Name System (DNS) abuse. The founders of KOR Labs are Prof. Maciej KorczyĆski and Prof. Andrzej Duda.
ORANGE Polska SA is a leader on the Polish market of fixed telephony, Internet, and data transmission. As the only operator, it offers comprehensive telecommunications solutions available throughout the country. Cybersecurity is one of key areas continuously developed in OPL. OPL CERT has already been operating for 25 years and it provides cybersecurity services to a wide range of customers protecting them against identified modern cyberthreats (DDoS, malware, phishing, applications vulnerabilities).
PDMFC LDA is an SME from Portugal, with a strong focus on the area of Information Security, having developed software that help dozens of large customers (including Governments) to detect fraud, money laundering, tax evasion, among many other things. It provides the Identity and Access Management framework (called SPA) that includes Real Time Risk Assessment, Segregation of Duties, Cryptographic fingerprinting of operations. PDMFC has experience in the Information Security-related area, manages several CSIRTs at national level (consultancy work), and develop Identity and Access Management Intelligence tools.
NovaForensic (legal name: Stability Bubble LDA) is a start-up from Portugal, founded by a former Law enforcement Agency crime investigator with a focus on the development of tools for Digital Forensics. Its tools are used by all LEA in Portugal to obtain relevant digital evidence for the crime (cyber-incident) under investigation. The NovaForensic objective is the evolution of digital forensic expertise through the adoption of the Forensic as a Service (FaaS) paradigm, which consists of the provision of forensic software in cloud computing enhanced by an artificial intelligence federated learning system.
The project funded by the European Union under Grant Agreement No. 101128042 is supported by the European Cybersecurity Competence Centre. Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the European Cybersecurity Competence Centre can be held responsible for them.