Cybercriminals are currently enjoying a golden age, with the volume and severity of attacks growing constantly, and an ability to commit hostile acts with impunity. The EU, in its overhaul of cybersecurity laws dubbed NIS2, is committed to ensuring that what’s illegal offline should also be illegal online. For that to happen, cybersecurity researchers need to have access to all the tools possible to detect, trace and prevent crime online, including access to the Internet’s yellow pages, also known as the WHOIS search.
Cyberthreat research is both an arts and science discipline. Our experts and software detection analysis in the ATR group sift through an enormous amount of data, from a broad range of sources, to detect the signs of a past, ongoing or future cyberattack. Each source of data that is out of reach is one tool less with which to keep up with cybercriminals. Access to the full set of WHOIS data, or lack thereof, is not going to make or break the future of cyber threat research. But it would give criminals an advantage, which is at odds with the core objective of the EU’s cybersecurity review.
The WHOIS search originally contained all the data of a person registering a website, including the contact details of the person responsible for the website. This information is crucial in the event a legitimate website comes under attack from malicious actors
But by continually scanning the registration data, cyber researchers can also pick up patterns that are indicative of malicious activity, such as preparing a botnet or priming a large number of websites ahead of a denial-of-service (DDOS) attack.
Using WHOIS data i ..
Support the originator by clicking the read the rest link below.
