Graph Network Analysis
Automated graph network analysis system for cybercrime investigations, threat attribution, detection of phishing & fraud
Establishing links between cybercriminal groups, phishing attacks, botnets, and fraudulent transactions
Significantly increased rate of successful investigations
Detection of malicious domains and files within seconds
Network graph use cases
Network infrastructure analysis helps to identify a cybercriminal's legitimate projects and contact details linked to their real identity
All resources connected to a fraudulent resource or phishing attack can be scanned for similar content to enhance detection
Exposure of the attacker's infrastructure, both active and hidden, including at the attack preparation stage
Find servers hidden behind proxy services to identify the real hosting provider
Key users of graph analysis
Search data
Case: phishing attack by Cobalt
In December 2018, the Cobalt hacker group, which is known for targeting banks, sent out emails disguised as messages from the National Bank of Kazakhstan. Even if cybersecurity experts had not found the phishing emails and had no opportunity to carry out a comprehensive analysis of the malicious files, they could have created a graph based on the malicious domain nationalbank[.]bz used by the cybercriminals. The graph would have immediately shown the links to other malicious domains and to the Cobalt cybercriminal group, revealing which files had already been used in earlier attacks.
