Future Platform Directions


URL Classification

  • Using these findings, a tool can be built that acts as an intermediate step, scanning links before they are opened:
    • Upon clicking a link from an application (e.g., email), the browser first opens a window that passes the target URL through a classification model
    • If the link is deemed malicious, a warning is shown to the user, suggesting they proceed with caution
  • This type of tool would not be too disruptive: it requires only an additional click to proceed (or proceeds automatically if the link is determined not to be malicious).
  • This tool can help companies in the financial/banking industry reduce potential damages by helping prevent their employees from interacting with phishing threats.

Text Mining

  • Use the mined intelligence to feed new analytical threat models
  • Add direct feeds from data sources such as Shodan and NVD
  • Identify new data sources and filters with an even higher relevancy to the electronic payment industry

DDoS Attacks

  • Avoid the use of public ports
    • These are the most at risk for DDoS attacks
    • Invest in the use of private ports
  • Install VPNs to protect and hide IP addresses
    • This makes it difficult for attackers to locate and target you

IP Geolocation

  • Perform IP geolocation on the list of phishing sites periodically so that trend analysis can be done
  • Make the global map interactive so consumers of intelligence do not have to refer back to a data table for details
  • Integrate the global map and trends graph into a dashboard for decision makers
  • Investigate the Autonomous System Number (ASN) associated with each phishing site IP address. There might be more insight to be gained, i.e., whether someone took over a legitimate site or malicious actors are renting cloud resources (Azure, AWS, etc.)
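
A sketch of the periodic trend and ASN analysis proposed above, added here as an example and not taken from the project's own code. The rows, the run labels and the hand-maintained `CLOUD_ASNS` table are assumptions; in practice the country and ASN columns would come from whatever geolocation source the platform uses.

```python
from collections import Counter, defaultdict

# Constructed sample: one row per phishing URL per periodic run.
# IPs are documentation ranges; country/ASN pairings are illustrative only.
ROWS = [  # (run, ip, country, asn)
    ("2024-01", "192.0.2.10",   "US", 16509),
    ("2024-01", "192.0.2.11",   "US", 8075),
    ("2024-01", "198.51.100.7", "DE", 64500),
    ("2024-02", "192.0.2.10",   "US", 16509),
    ("2024-02", "198.51.100.7", "DE", 64500),
    ("2024-02", "198.51.100.8", "DE", 64501),
    ("2024-02", "203.0.113.20", "DE", 14618),
    ("2024-02", "203.0.113.20", "DE", 14618),  # second URL on the same IP
]

# Assumption: a hand-maintained map of ASNs operated by public cloud providers.
CLOUD_ASNS = {16509: "AWS", 14618: "AWS", 8075: "Azure"}

def country_trend(rows):
    """Count distinct phishing IPs per country for each periodic run."""
    seen = {(run, ip, cc) for run, ip, cc, _ in rows}  # de-duplicate URLs per IP
    trend = defaultdict(Counter)
    for run, _, cc in seen:
        trend[cc][run] += 1
    return {cc: dict(c) for cc, c in trend.items()}

def rising(trend, earlier, later):
    """Countries whose distinct-IP count grew between two runs."""
    return sorted(cc for cc, c in trend.items()
                  if c.get(later, 0) > c.get(earlier, 0))

def hosting_breakdown(rows):
    """Per run, split distinct IPs into cloud-provider ASNs and 'other'.

    'other' is only a triage lead: it may be a compromised legitimate site
    or a smaller hosting company, and needs an analyst to tell which.
    """
    seen = {(run, ip, asn) for run, ip, _, asn in rows}
    out = defaultdict(Counter)
    for run, _, asn in seen:
        out[run][CLOUD_ASNS.get(asn, "other")] += 1
    return {run: dict(c) for run, c in out.items()}

if __name__ == "__main__":
    trend = country_trend(ROWS)
    print("trend:", trend)
    print("rising:", rising(trend, "2024-01", "2024-02"))
    print("hosting:", hosting_breakdown(ROWS))
```

The per-run counts are what a trends graph or dashboard panel would plot, and the hosting split separates rented cloud infrastructure from sites that warrant a closer look.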