Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot
Result identifiers
Result code in IS VaVaI
RIV/00216305:26230/20:PU138617 - isvavai.cz (https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216305%3A26230%2F20%3APU138617)
Result on the web
https://www.scitepress.org/PublicationsDetail.aspx?ID=KjbiWwxR+9s=&t=1
DOI - Digital Object Identifier
10.5220/0009591002530262 (http://dx.doi.org/10.5220/0009591002530262)
Alternative languages
Result language
English
Title in the original language
Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot
Result description in the original language
Today, spam is a major attack vector hackers use to cause harm. Be it through phishing or direct malicious attachments, e-mail can be used to steal credentials, distribute malware, or carry out other illegal activities. Even nowadays, most users are unaware of such danger, and it is the responsibility of the cybersecurity community to protect them. To do that, we need tools to gain proper threat intelligence in the e-mail cyber landscape. In this work, we show how an e-mail honeypot requiring authentication can be used to monitor current e-mail threats. We study how such a honeypot performs in place of an open relay server. The results show this kind of solution provides a powerful tool to collect fresh malicious samples spreading in the wild. We present a framework we built around this solution and show how its users are automatically notified about unknown threats. Further, we perform an analysis of the data collected and present a view on the threats spreading in recent months as captured by this authentication-requiring e-mail honeypot.
Classification
Type
D - Article in proceedings
CEP field
—
OECD FORD field
10201 - Computer sciences, information science, bioinformatics (hardware development to be 2.2, social aspect to be 5.8)
Result linkages
Project
—
Linkages
N - Research activity supported from non-public sources
Other
Year of implementation
2020
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Title of the article in the proceedings
Proceedings of the 17th International Conference on Security and Cryptography (SECRYPT 2020)
ISBN
978-989-758-446-6
ISSN
—
e-ISSN
—
Number of pages of the result
10
Pages from-to
253-262
Publisher name
SciTePress - Science and Technology Publications
Place of publication
Paris
Event location
Paris
Event date
8. 7. 2020
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
000615962200021