Providing Cyber Threat Intelligence feeds

Each Cyber Threat Intelligence (CTI) service provider now specialises in certain aspects of the wide range of data capture types. Providers are valued for the specific types of information they deliver to their customers, and these types of information arise from specific competencies, tools, and opportunities to access specific sources of information.

ComCERT stands out among other suppliers and providers mainly because we focus our expertise on threats to the Polish market that originate both from Poland and from abroad (e.g. Russia and Ukraine). ComCERT also has particularly good penetration of criminal environments and their communication platforms. On these platforms, criminals plan new attack TTPs (Tactics, Techniques and Procedures) and share their experiences and achievements. ComCERT’s team of experts constantly monitors deep internet resources (deep web, dark net), often interacting with the actors active there, in order to detect and identify threats and incidents concerning our Customers at the earliest possible stage of the so-called Kill Chain. Our competence and contacts are also of great value in advising our Customers in crisis situations, including when cooperation with law enforcement authorities is necessary.

In addition to the above “manual” form of dark net penetration, ComCERT runs automated machines and bots that penetrate those parts of the Internet and dark net that are accessible to them. Any appearance of keywords specific to our Customers in conjunction with words from the criminal dictionary triggers manual threat verification.

In addition, ComCERT monitors all new registrations of Internet domains. Whenever a domain similar to any of our Customers’ domains is registered, we assume by default that it has been registered as part of a “typosquatting” action and start monitoring the newly registered domain as a potential phishing website.
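One way a similarity check over a new-registration feed could be built, as an added example that is not ComCERT's code or method: it flags same-name registrations under another TLD, lookalike characters, single-edit typos and embedded brand names. The domain names, the lookalike map and the distance threshold are constructed assumptions.

```python
# Added example: triage a new-registration feed against protected domains.
# All domain names below are constructed sample data.
PROTECTED = ["examplebank.pl"]
NEW_DOMAINS = ["examp1ebank.pl", "exmaplebank.pl", "examplebank-login.com",
               "examplebank.com", "gardening-tips.pl", "examplebank.pl"]

# Small illustrative lookalike map (assumption, not a full confusables table).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def label(domain):
    # Feed entries are registrable domains, so the first label is the registered name.
    return domain.lower().rstrip(".").split(".")[0]

def skeleton(name):
    # Fold visually confusable characters and sequences to one canonical form.
    s = name.translate(LOOKALIKES)
    return s.replace("rn", "m").replace("vv", "w").replace("-", "")

def osa_distance(a, b):
    # Edit distance counting insert, delete, substitute and adjacent transposition.
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            v = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                v = min(v, prev2[j - 2] + 1)
            cur.append(v)
        prev2, prev = prev, cur
    return prev[-1]

def triage(new_domains, protected, max_dist=1):
    hits = []
    for dom in new_domains:
        for prot in protected:
            if dom.lower() == prot.lower():
                continue  # the customer's own domain is not a finding
            lab, p = label(dom), label(prot)
            if lab == p:
                reason = "tld-swap"
            elif skeleton(lab) == skeleton(p):
                reason = "lookalike"
            elif osa_distance(lab, p) <= max_dist:
                reason = "edit-distance"
            elif len(p) >= 6 and skeleton(p) in skeleton(lab):
                reason = "embedded-brand"
            else:
                continue
            hits.append((dom, prot, reason))
            break
    return hits
```

Each hit is a candidate for the phishing-site monitoring described above; the reason field lets an analyst prioritise the queue.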

ComCERT is highly competent in obtaining information on malware, including malware for mobile systems, especially Android. Drawing on its long experience, ComCERT, as the first commercial CERT in Poland, exchanges data with other CERTs and commercially purchases information from other entities around the world that specialise in obtaining this type of data (purchased data are usually more complete than those obtained through exchange).

Thanks to ComCERT’s experience and the above-mentioned competences, our specialists often provide our Customers with interesting and important documents, including ones concerning their cybersecurity.

All information on threats acquired by ComCERT is immediately transmitted using the MISP platform, which allows for automatic extraction of this information to Customers’ security systems.