netcraft_LOGO_COLOR_01 (2)
cybercrime-detection-final

 

Cybercrime detection,
disruption and
takedown

Protecting the world’s leading brands from online attacks

 

Netcraft is the world leader in cybercrime detection, disruption, and takedown, and has been protecting companies online since 1996. 

We detect and disrupt phishing and other cyberattacks at scale, through constant innovation, extensive automation, and unique insight. 

Netcraft provides robust cyber defense solutions for organization like yours by:

  • Analyzing millions of suspected malicious sites each day, typically blocking an attack within minutes of discovery
  • Performing takedowns for ⅓ of the world’s phishing attacks; we take down 90+ attack types at a rate of 1 attack every 15 seconds
  • Protecting billions of people with Netcraft’s threat data, which is licensed to major browser and antivirus companies, internet infrastructure providers and registrars
  • Operating autonomously to detect, disrupt, and take down attacks that are exploiting your brand before you’re even aware, 24/7

We protect brands in 100+ countries and perform takedowns for four of the ten most phished companies on the internet.

Cybercrime detection and threat intelligence

Netcraft detects, blocks, and disrupts a full range of cyberattacks, including phishing, advance fee fraud, executive impersonation, fake shops, malware, investment scams, malicious JavaScript, and dozens of other techniques globally across all targeted organizations, even those that are not Netcraft customers.

As a result of our threat data partnerships, access is quickly restricted for billions of people, even before an attack is taken down. 

Example of attacked blocked by the Netcraft extension

Example attack blocked by the Netcraft extension.

Building on more than 25 years of experience surveying the internet, we use our extensive collection of domain information, website front pages, search engine advertisements, social media sites, spam mail feeds, and app stores to identify online attacks. 

Rapid takedown of malicious content

Restricting access is just the start. Netcraft’s Takedown Service ensures that malicious content is removed quickly and efficiently, typically within hours. 

  1. Once confirmed, attacks impersonating your brand are blocked in our threat feeds, protecting billions of people.
  2. We automatically identify hosting providers, domain registrars, webmasters and others, and determine how to notify them most effectively (via email, API, private contact, or otherwise).
  3. We gather and present evidence of the cyberattack to demonstrate the problem to those with the ability to remove the attack.
  4. Attacks are monitored for 7 days after they are taken down (the takedown process is restarted if malicious content returns).

Technology and expertise 

Netcraft’s automated detection operates 24/7 across a multitude of high-volume noisy sources, surfacing malicious websites with unparalleled speed and accuracy using:

  • A global network of fetch locations that are intelligently selected to defeat criminals’ attempts to evade detection.
  • Rule-based matching across a constantly updated list of thousands of targeted organizations.
  • Machine learning based on properties of the URL itself and the fetched page content and any previous Netcraft classification
  • Automated interaction using a headless web browser, fully exploring multi-page attacks.

Technology is only part of the story. Our services are designed and built by our in-house cybercrime experts, who have the agility and experience to respond to new threats and attack types as they emerge. 

We’ve been at the heart of the internet ecosystem for almost three decades, working with key players including leading domain name registrars and hosting companies. 

Partnerships and community

We receive reports of suspected malicious sites from our large cybercrime reporting community, spam email datasets, customers’ teams, members of the public, and our own discovery techniques.

Netcraft’s confirmed threat data is licensed to all major browsers, antivirus companies, internet infrastructure providers and registrars.

Customers include 3 of the 5 most valuable companies in the world, 11 of the world’s 50 largest banks,  and governments of 8 of the world’s largest economies.

Timeline of an attack

A suspected attack can be analyzed, validated, and takedown notifications dispatched within minutes of discovery. To demonstrate, a recent phishing attack followed this path: 

New attack Suspected attack first detected by Netcraft.
2-4 mins later Attack is fetched, analyzed, and blocked by Netcraft. Access will soon be restricted for billions of people.
After 7 mins First contact with hosting provider.
1hr 14 mins Attack first detected as offline

Our median total availability time for phishing sites taken down is around six hours.

Focus on transparency 

We include demonstrable evidence for every attack, without which providers are unwilling to remove malicious content. 

Chart of hosting providers contacted for attacks.

Our web platforms and flexible APIs integrate with external threat intelligence and enterprise systems, making it simple to track and share critical incident data and events. 

You can explore each incident, while letting the managed detection and disruption process take care of itself. The service’s overall performance is tracked by analytics and charts.

Resources

Meet some of our customers & partners

Customers include three of the four most valuable companies in the world, eleven of the top fifty banks, and eight of the top fifty governments.

Netflix Logo
Microsoft Logo
Barclays Logo
Cisco Logo