Abstract: A method and a system for identifying indicators of compromise in a network infrastructure are provided. The method being executable by a computing device communicatively couplable to the network infrastructure, the computing devices being positioned outside a perimeter of the network infrastructure.

Abstract: A method and a system for preventing an activity of a malware application in a computer system are provided. The method comprising: receiving at least one artefact of a sandbox environment to be installed in the computer system for simulating the sandbox environment in the computer system; receiving an indication of at least one interaction of a given application with the at least one artefact; analyzing an activity of the given application to detect at least one of a first type event and a second type event triggered thereby after executing the at least one interaction; in response to the analyzing rendering a positive result: identifying the given application as being the malware application; and using data indicative of a digital footprint of the given application in the computer system for further updating the at least one artefact for further preventing the activity of the malware application.

Abstract: Non-limiting embodiments of the present technology are directed to a system and a method for ensuring cybersecurity, namely, to a method for distributed malware inspection and a system implementing the method. The method comprises receiving input data identifying a potential malware; checking the potential malware based on the input data; adding check parameters and at least one result of the potential malware check into the transaction pool; receiving results of the distributed check of the potential malware from the plurality of networked computer devices; determining a harmfulness parameter based on results of the distributed malware check of the potential malware; in response to the harmfulness parameter of the potential malware exceeds a predetermined threshold value, identifying the potential malware as malware; storing the identified malware and associated data related to the identified malware in the distributed malware register.

Abstract: A computing device for informing about malicious web resources and a method for informing about malicious web resources performed on this computing device are claimed. The claimed method includes performing operations wherein: obtaining references to a plurality of web resources; identifying malicious web resources in a specified set of web resources; establishing web resources associated with each of the identified malicious web resources; detecting malicious web resources in the identified related web resources; identifying at least one authorized entity associated with each of the identified malicious web resources; generating at least one report for at least one of the established authorized entities based on information about the detected malicious web resources associated with this authorized entity; sending each generated report to the appropriate authorized entity on the basis of the contact details of the authorized entity.

Abstract: A computing device for detecting suspicious users in a plurality of messaging systems and a method for detecting suspicious users therein executable the computing device are proposed. The claimed method includes: receiving a plurality of user messages from a plurality of messaging systems; analyzing each of the received user messages to identify at least one message suspiciousness indicator from a predetermined set of message suspiciousness indicators; if at least one message suspiciousness indicator is detected in the analyzed user message, identifying at least one user associated with the analyzed user message in one of the plurality of messaging systems; assigning each of the identified users a user suspiciousness indicator depending on the identified message suspiciousness indicators; classifying users in the one of the plurality of messaging systems as suspicious their reputation score exceeds a predetermined reputation threshold limit.

Abstract: A method of determining associated network resources from a plurality of network resources available on a network, the method executable by a server that is communicatively coupled to the network. The method comprises: scanning, by the server, the network to identify a first network resource and a second network resource of the plurality of network resources; retrieving, by the server, information associated with the first network resource and the second network resource, the information comprising at least one parameter of the first network resource and at least one parameter of the second network resource; in response to a match between the at least one parameter of the first network resource and at least one parameter of the second network resource, determining a connection between the first network resource and the second network resource.

Abstract: A method for detecting phishing resources through collection of URL links. The method is executable by a web server and comprises receiving, by the web server, a query for obtaining an object hosted by the web server; extracting, by the web server, from the “Referer” field of the query, a URL link pointing to a query source; generating, by the web server, at least one converted URL link pointing to a different resource located on a same host as the query source, based on the extracted link; and sending the at least one converted URL link for a phishing analysis.

Abstract: A method for detecting a phishing web page. The method, executable at a sever, comprises detecting at least one unique web page attribute that allows to identify a known phishing web page as a phishing web page; analyzing, by the server, the known phishing web page to determine at least one additional unique attribute indicative of the known phishing web page targeting a phishing target web resource; generating, by the server, at least one phishing detection rule that is based on the at least one unique attribute and the at least one additional attribute; storing the at least one phishing detection rule; receiving a new web page to be checked for phishing; applying the at least one phishing detection rule for analyzing the new web page; in response to the analyzing rendering a positive outcome, identifying the new web page as a phishing web page.

Abstract: This technical solution relates to systems and methods of cyber attack detection, and more specifically it relates to analysis methods and systems for protocols of interaction of malware and cyber attack detection and control centers (servers). The method comprises: uploading the malware application into at least one virtual environment; collecting, by the server, a plurality of malware requests transmitted by the malware application to the malware control center; analyzing the plurality of malware requests to determine, for each given malware request: at least one malware request parameter contained therein; and an order thereof of the at least one malware request parameter.