'FinalBlacklist' to help businesses hone cybersecurity

Researchers have released what they’re calling the “largest publicly available data set” of malicious activity to help organisations hone their cybersecurity capabilities.

The ‘FinalBlacklist’, developed by researchers from CSIRO’s Data 61, Macquarie University, Nokia Bell Labs and the University of Sydney, provides a snapshot of the cybercrime landscape and how it’s changed over time, allowing cybersecurity specialists to better predict and protect against mal-activity.

To create it, the researchers collected 51.6 million mal-activity reports from 2007–2017, involving 662,000 unique IP addresses worldwide, and used machine learning techniques to categorise them as either: malware, phishing, fraudulent services, potentially unwanted programs, exploits or spamming.

The dataset showed mal-activity has consistently increased in volume over the last decade, with the average cost of cybercrime damages expected to reach $6 trillion by 2021, according to the CSIRO.

While phishing is becoming a major form of mal-activity, CSIRO’s Data61, Information Security and Privacy Group Leader and Optus Macquarie University Cyber Security Hub Scientific Director, Professor Dali Kaafar said malware has remained cybercriminals’ weapon of choice over the past decade.

“Last year the WannaCry ransomware attack affected more than 300,000 computers across 150 countries causing billions of dollars in damage. Ransomware remains a persistent threat as evidenced by the recent attacks against hospitals across Victoria,” Kaafar said.

“Reports of phishing activities have also steadily risen with a spike in 2009 coinciding with the increased adoption of smartphones. In 2013, another spike was experienced which can be linked to the growing popularity of digital payment systems which attracted unwanted attention from cybercriminals.”

Although similar datasets exist, the CSIRO believes they are mainly proprietary and industries are unable to share them due to privacy concerns and wanting to maintain a competitive advantage.

“We’ve made this dataset available to the wider research community so it can be used to train algorithms to predict future instances of mal-activity before they happen,” Kaafar said.

“Our analysis revealed a consistent minority of repeat offenders that contributed a majority of the mal-activity reports. Detecting and quickly reacting to the emergence of these mal-activity contributors could significantly reduce the damage inflicted,” he added.

To avoid malicious activity, the researchers suggest organisations and individuals: keep their operating systems up to date, don’t pay ransom demands, avoid clicking links in unsolicited emails or opening attachments from strangers, don’t re-use passwords and install ad blockers and script blockers.

Image credit: ©stock.adobe.com/au/Rawpixel.com