New solution combating online identity theft to be built by EIT Digital for DSPs
The confidence of European citizens that their private or business data is safe while using digital services is repeatedly challenged by the so-called “phishing” attacks.
Such attacks try to lure users into giving up confidential information which enables identity theft. EIT Digital’s new innovation activity – Web Application Firewall for Large-scale phishing attacks (WAFFLE) aims to preserve user trust by bringing a solution to market to protect digital service providers (DSPs) against the specific threat of phishing.
Phishing is once again on the rise, says EIT. Although the full economic impact of the phenomenon is difficult to estimate, according to reports from legal enforcement authorities, like EUROPOL, new kinds of fraud and criminal activities are flourishing all over Europe with industry players, banks, and ordinary citizens reporting severe economic losses.
Rocco Mammoliti, head of Security at Poste Italiane, an EIT DigitaI partner participating in the Innovation Activity, said: “A new market for pro-active products like WAFFLE has opened, since the established solutions for mitigating phishing problems are almost totally ineffective because they step in only after the attack has ended.
A typical phishing attack lasts just a few hours, and bogus websites used for phishing are live for no longer than a day or two. So, blocking traffic to these sites, for example by blacklisting, takes place too late: the sensitive information is already stolen.”
Mammoliti continued: “By making corporate and public authority digital services safe for European online consumers, we will maintain and build their trust in using digital services. This will help the whole European digital ecosystem grow and prosper amid international competition.”
The WAFFLE project will combine two existing products with proven track records to develop a new, highly configurable anti-phishing solution that can be accessed in the cloud, or installed in-house.
One of these existing products is Attack Prophecy, a Web Application Firewall developed by Pluribus One, a spin-off of the University of Cagliari (Italy), using innovative machine-learning and web-site analysis techniques to significantly reduce false alarms (so called false-positives).
The second is a complementary tool named PRECOG, developed by the Italian company Emaze and based on disruptive Domain Name System (DNS) analysis techniques for the early detection of phishing sites or pages. It focuses on detecting abused internet domains which are often indicators of a phishing campaign and which are registered before a phishing campaign starts. Pluribus One and Emaze will play the role of business champions within the Innovation Activity.
In bringing WAFFLE to the market, EIT Digital’s partner network will have a major role by being the product’s first users. In addition, the new technical knowledge generated by the project will be disseminated through the online training modules of the EIT Digital Professional School.
In addition to Poste Italiane, the other EIT Digital partners participating in the Innovation Activity are Italian software and IT services provider Engineering Ingegneria Informatica, Italian digital innovation and design shop Cefriel who will bring their experience in cybercrime and offensive security, and Innovalor, who will develop a go-to-market strategy, market analysis, and commercial propositions for the Innovation Activity.
Web application firewall for large-scale phishing attacks is one of 13 Innovation Activities of the Digital Infrastructure action line of EIT Digital for 2017. The Digital Infrastructure action line focuses on enabling digital transformation by providing secure, robust, responsive, and intelligent communications and computation facilities for the markets.
The Action line targets in networking the mobile broadband infrastructure, network softwarisation, and the Internet of Things (IoT); in computing: cloud computing, Big Data, and Artificial Intelligence; in security: privacy, cyber security, and digital ID management.
The Internet Organised Crime Threat Assessment (IOCTA) 2016 from EUROPOL: (EC3)
Comment on this article below or via Twitter @IoTGN