The Technical Center of Internet and the Coordination Center for TLD .RU/.РФ held a meeting between companies participating in the Netoscope project to mark the project’s fifth anniversary. The participants discussed Netoscope’s development over the five years and the changes that took place in Runet during these years. They also shared their future plans.
The project has compiled a list of over 3.1 million second-, third- and lower-level domain names that were involved in or suspected of malicious activity between November 2012 and October 2017. The most common activity is placing malicious code on websites, which accounted for 90.6% of the violating domain names as of the end of October 2017.
In his opening speech, Director of the Coordination Center Andrei Vorobyev noted that during its five years of operation, the Netoscope project has become popular not only in Russia but abroad as well. For example, the project received high marks from international experts at the Eastern European DNS Forum, which was held in early October in Minsk.
“Netoscope would have never come to life without all of us working together,” Vorobyev said. He also spoke about the influence of the project and its participants on the general level of information security in Runet and the internet in general, and also about the current and new areas of research conducted as part of the Netoscope project.
Alexander Venedyukhin, leading analyst at the Technical Center of Internet, spoke about new research conducted in 2017 on the various versions and configurations of the TLS protocol used to secure connections. The findings show that the number of nodes using elliptic-curve Diffie-Hellman key exchange is increasing in the .RU, .РФ and .SU domain zones. Since elliptic-curve cryptography is believed to provide better security, its growing use results in stronger security in Runet.
He also expanded on the 2017 research on X.509 extensions in TLS certificates. The results show that the distribution of X.509 extensions across TLS certificates and Runet nodes is consistent with global practice.
Alexander Venedyukhin also mentioned that in the future the experts are planning to explore how DNS operation affects the security of the addressing system within domain zones.
The participants in the project and the meeting guests exchanged experience in securing Runet, shared useful statistics and made suggestions concerning the project’s future.
At the end of the meeting, Pavel Khramtsov, head of the Netoscope project and head of the Applied Services Department of the Technical Center of Internet, noted that Netoscope in fact covers the areas of information security that are not regulated by law, for example, countering spam on the internet.
“The DNS system will be increasingly infected year by year and we can only counter it with the close cooperation of the project’s participants,” he said. “Today, based on indirect criteria, the participants of our project can foresee attacks on the internet in their respective areas. By promptly exchanging data we can prevent these attacks or at least reduce their damage.”
He also spoke about ICANN’s domain zone security project that has a lot in common with Netoscope.
Five years ago, at the end of October 2012, the Coordination Center and the Technical Center of Internet created a research platform to aggregate information on malware. A year after that, a new information and analytical resource called Netoscope was developed. The resource compiles the latest data on cyber threats on the internet and updates on combating malicious websites. The data comes from the companies participating in the platform’s operation, which submit their entries to the project’s database. Today, the list of companies participating in the project includes BIZon, Group-IB, the Coordination Center, Kaspersky Lab, Mail.ru, the Federal Supervision Service for Communications, Information Technology and Mass Media, Rostelecom, RU-CERT, the Technical Center of Internet, and Yandex.