Back ZIUR helps 80 companies in Gipuzkoa prevent cyberattacks using predictive cyber threat intelligence technology

2025 / 07 / 18
Fundazioak monitorizazio-tresna bat jarri du ETEen eskura, haien kredentzialak 'Deep Web' ean saltzen ari diren jakiteko.

ZIUR helps 80 companies in Gipuzkoa prevent cyberattacks using predictive cyber threat intelligence technology

It offers organizations the KELA tool, which can detect in underground forums whether cybercriminals are behind a company and have relevant information to attack it

A total of 80 companies in Gipuzkoa, mostly SMEs, have benefited from a predictive cyber intelligence project launched by ZIUR. The Industrial Cybersecurity Center of the Provincial Council of Gipuzkoa has helped these organizations prevent attacks, using a tool that can detect in underground forums whether cybercriminals have relevant information about a company to attack it.

This tool, called KELA, allows SMEs to identify both known and unknown threats, giving them the ability to stay ahead of cybercriminals and protect their critical assets. In other words, it helps them adopt a proactive approach rather than a reactive one, something “crucial in an environment where attack methods are constantly evolving,” notes ZIUR CEO María Penilla.

“By anticipating and mitigating attacks before they cause damage, threat intelligence helps reduce costs associated with security breaches, regulatory fines, and loss of customer trust, ensuring business continuity and success,” says Penilla, who argues that, ultimately, carrying out projects of this type “provides companies in the region with a competitive advantage and a robust defense in today's digital landscape.”

1,622 domains analyzed

The project carried out by ZIUR with 80 companies in Gipuzkoa lasted 12 months, from May 2024 to May 2025, during which time 1,622 domains belonging to these SMEs were analyzed. This study was made possible thanks to KELA technology, which allows for automated searches in forums, discussion groups, databases, repositories, and the "dark web" to see if cybercriminals are "sharing, moving, or trying to sell information about those domains," explains Penilla. "We know that if information associated with a domain is circulating in those forums, it's very likely that the company will suffer an intrusion or hacking attempt within six months," she points out.

Among the conclusions obtained from this project are several notable data, such as the detection of 509 entries from domains associated with the 80 Gipuzkoan companies in discussions and debates between cybercriminals. "This would be the earliest stage, discovering that hackers are asking for a company's domain to obtain information," notes the director of ZIUR.

And there is a figure that is even more striking. In the category of leaked credentials, 80,879 entries from domains associated with those 80 companies were detected. “Here, hackers already have a username and password. The more recent that password is, the more interesting it is,” explains Penilla, who points out that the data is very high, but “not too valuable.” “We've all received an SMS requesting information. If you enter your email address, it's already considered a credential.”

On the other hand, in the instant messaging category, that is, data extracted from services like Telegram and Discord used by cybercriminals, 22,509 entries were detected, while in the compromised accounts section, with verified and real data, the number of entries rose to 4,187.

In contrast, only two domain servers were compromised out of a total of 1,622. "At this stage, you have to act very quickly, because the company is on the verge of being cyberattacked," insists Penilla, who asserts that all the information obtained by the KELA project is "very interesting for companies, especially for small ones that have fewer resources to invest in this type of advanced cybersecurity technology."