Two years ago, late October 2012, Coordination Center created a research platform to aggregate information about malicious resources. In a year an information and analytical resource appeared online called “Netoscope”. It had all the latest data on spread of cyber threats online and on the progress of controlling harmful resources. Information to the resource came from the data base of the project: it is supplied by the companies that take part in platform’s operation and exchange information about malware between one another. Group-IB, Coordination Center, “Kaspersky Lab”, Mail.ru, Sputnik (Rostelecom), RU-CERT, Technical Center of Internet and Yandex participate in the project now. 1.3 million domain names – resources of cyberthreats got to the database of “Netoscope” project from November 2012 till November 2014. During two years of work the volume of the base has more than doubled and continues growing.
In October of 2014 the share of domains removed from the register comprised 38,5%, while in the end of 2013 it was only 27,5%, and in September of 2013 - 21,5%. This type of growth proves that a set of measures to clean Runet from malware is gradually paying off. It was discovered that the major part of the domains was spreading malicious software. In .RU and .SU domains the most common threat was malware (60.7% in .RU and 53% in .SU), in .РФ domain the main problem are domain names that spread phishing (61.1% of all domains spread phishing, and “only” 24.2% were spreading malware). As a whole by the end of October among second-level domain names there were 3.4% of malware in the .RU domains, 0.5% in .РФ and 2.1% in .SU.
In the opinion of Pavel Khramtsov, member of the council of the Coordination Center for TLD RU and the head of the “Netoscope” project, the experience gained during the operation of “Netoscope” is very useful not only in the national domain zones .RU, .РФ and .SU but also for new gTLDs .MOSCOW, .МОСКВА, .ДЕТИ (children), .TATAR and many other. Pavel Khramtsov also thinks that “Netoscope” has begun to have a major impact on general condition of domain industry in Russia. Thus, during the conference TLDCON 2014 he said that “fight against bad domains from a commercial point of view leads to the fact that Coordination Center and registrars are receiving less money. But “Netoscope” project allows to clean Russian domain space and make it more secure and stable.”
On November 13, companies participating in the project “Netoscope” gathered at the round table where they discussed the contribution of each company to the project and usage of “Netoscope’s” data for the information security of the network. Exchange of data about domain names detected in malicious activity and also provision of this information to anyone who is interested in it is the most important result of two years of work.
“Cooperation between our companies today brings quite tangible results in the fight against cyber threats. We see that our employees do not only share data but also use aggregated information in their everyday work. Our project holds a certain niche and we see that this approach is quite justified and useful for the industry”, said Andrei Kolesnikov, CEO at Coordination Center.
