

“FlashStart’s local presence enables more targeted and accurate analysis for Italian users.”
Remo Marini / President
The collaboration between FlashStart and F3rmi Foundation strengthens network security by combining advanced research with practical application. Through traffic analysis and the detection of malicious DGA domains, FlashStart enhances its protection by integrating the IoC lists developed by the foundation. The Italian-based approach ensures a quick response to local threats, while data sharing supports continuous updates to detection systems. Together, they educate the public on cybersecurity, foster a culture of prevention, and contribute to national protection while complying with privacy regulations.
F3rmi Foundation analyzes malicious and DGA domains using anonymized and pre-processed DNS traffic data provided by FlashStart. It leverages machine learning (neural networks, decision trees) to detect typical DGA patterns, defining characteristics such as request length and frequency. By combining supervised and unsupervised models with heuristic analysis and pattern matching, it identifies suspicious domains. Malicious domains are then aggregated into IoC lists, validated, and distributed to FlashStart and the community. This approach enables F3rmi to continuously update its models, maintaining high accuracy against emerging threats.
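The heuristic stage of a pipeline like the one described above, as an added example that is not F3rmi's or FlashStart's code: it scores queried names by label length and character entropy, requires several distinct random-looking names from the same anonymized client, and aggregates the survivors into an IoC list. The entropy feature, the thresholds, the function names and the sample queries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Thresholds are illustrative assumptions, not values from F3rmi or FlashStart.
MIN_LABEL_LEN = 12        # generated labels tend to be long
MIN_ENTROPY = 3.5         # bits per character
MIN_NAMES_PER_CLIENT = 3  # distinct random-looking names from one client

def entropy(label):
    """Shannon entropy of the label's characters, in bits per character."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def candidate_label(qname):
    """Label just left of the TLD (simplification: no public-suffix list)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]

def looks_generated(qname):
    label = candidate_label(qname)
    return len(label) >= MIN_LABEL_LEN and entropy(label) >= MIN_ENTROPY

def build_ioc_list(queries):
    """queries: iterable of (anonymized_client_id, qname). Returns sorted IoC domains."""
    per_client = defaultdict(set)
    for client, qname in queries:
        if looks_generated(qname):
            per_client[client].add(qname.lower().rstrip("."))
    iocs = set()
    for names in per_client.values():
        # Frequency heuristic: one random-looking name is weak evidence;
        # a burst of distinct ones from the same client is typical of a DGA.
        if len(names) >= MIN_NAMES_PER_CLIENT:
            iocs |= names
    return sorted(iocs)

# Constructed sample input (reserved .example TLD), not real traffic.
SAMPLE = [
    ("c1", "www.portal.example"), ("c2", "www.portal.example"),
    ("c1", "mail.intranet.example"),
    ("c2", "h7f3k9d2m5p8q1w4.example"),  # random-looking but isolated, stays out
    ("c3", "xkqzvbnwplrtyhgd.example"),
    ("c3", "qwmzxplkvbnrtyhs.example"),
    ("c3", "zpqlwmxnvbtrkyhg.example"),
]

if __name__ == "__main__":
    for domain in build_ioc_list(SAMPLE):
        print(domain)
```

Requiring a burst of distinct names per client is what keeps a single hash-like hostname (the `c2` entry) off the list, which matters when the list is pushed to a blocking resolver.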
Every day, F3rmi Foundation identifies new malicious domains dynamically generated by malware using Domain Generation Algorithms (DGA) to communicate with Command and Control (C2) servers. Our algorithm detects popular malware families such as Necurs, TrickBot, QakBot, Emotet, IcedID, and Bumblebee. These domains frequently change to evade traditional security filters, allowing malware to maintain contact with attackers. By continuously analyzing DNS traffic and using machine learning models, F3rmi identifies new patterns and suspicious domains daily, updating the Indicators of Compromise (IoC) lists. These detections help prevent targeted attacks, protecting networks and users from emerging threats.
Every day, F3rmi Foundation detects new malicious domains generated by DGA malware (Necurs, TrickBot, QakBot, Emotet, IcedID, and Bumblebee), designed to bypass security controls. This continuous monitoring helps identify emerging threats specific to Italian users, who are often targeted by local attacks.
By analyzing Italian DNS traffic data, F3rmi can detect local threats with greater focus than global solutions, providing targeted protection for Italian users.
FlashStart users benefit from more accurate IoC lists compared to publicly available distribution lists.

The company
F3RM1 Foundation was the first foundation in Italy dedicated to cybersecurity. The foundation focuses on advanced research and development in cybersecurity, aiming to raise awareness among Italian citizens and businesses and enhance their protection against current cyber threats, including financial theft, identity theft, and data breaches.
In an increasingly interconnected world, the risks that come with the growing use of cyber tools are not necessarily matched by a higher level of user awareness of these threats. The F3RM1 foundation was born from the idea of a group of cybersecurity experts to engage in a project aimed not only at increasing awareness of today’s cyber threats, but also at enabling the adoption of suitable and adequate security measures to deal with these risks. Through its activities, the foundation aims to be a point of reference for the verification and management of cyber incidents, frauds and attacks.