Publication detail

Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot

ZOBAL, L.; KOLÁŘ, D.; KŘOUSTEK, J.

Original Title

Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot

Type

conference paper

Language

en

Original Abstract

Today, spam is a major attack vector hackers use to cause harm. Let it be through phishing or direct malicious attachments, e-mail can be used to steal credentials, distribute malware, or cause other illegal activities. Even nowadays, most users are unaware of such danger, and it is the responsibility of the cybersecurity community to protect them. To do that, we need tools to gain proper threat intelligence in the e-mail cyber landscape. In this work, we show how an e-mail honeypot requiring authentication can be used to monitor current e-mail threats. We study how such honeypot performs in place of an open relay server. The results show this kind of solution provides a powerful tool to collect fresh malicious samples spreading in the wild. We present a framework we built around this solution and show how its users are automatically notified about unknown threats. Further, we perform analysis of the data collected and present a view on the threats spreading in the recent months as captured by this authentication-requiring e-mail honeypot.

Keywords

Spam, Honeypot, SMTP, E-mail, Malware, Cyber Threat Intelligence

Released

08.07.2020

Publisher

SciTePress - Science and Technology Publications

Location

Paris

ISBN

978-989-758-446-6

Book

Proceedings of the 17th International Conference on Security and Cryptography (SECRYPT 2020)

Edition

not specified

Edition number

not specified

Pages from

253

Pages to

262

Pages count

10

BibTex


@inproceedings{BUT168126,
  author="Lukáš {Zobal} and Dušan {Kolář} and Jakub {Křoustek}",
  title="Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot",
  annote="Today, spam is a major attack vector hackers use to cause harm. Let it be through
phishing or direct malicious attachments, e-mail can be used to steal
credentials, distribute malware, or cause other illegal activities. Even
nowadays, most users are unaware of such danger, and it is the responsibility of
the cybersecurity community to protect them. To do that, we need tools to gain
proper threat intelligence in the e-mail cyber landscape. In this work, we show
how an e-mail honeypot requiring authentication can be used to monitor current
e-mail threats. We study how such honeypot performs in place of an open relay
server. The results show this kind of solution provides a powerful tool to
collect fresh malicious samples spreading in the wild. We present a framework we
built around this solution and show how its users are automatically notified
about unknown threats. Further, we perform analysis of the data collected and
present a view on the threats spreading in the recent months as captured by this
authentication-requiring e-mail honeypot.",
  address="SciTePress - Science and Technology Publications",
  booktitle="Proceedings of the 17th International Conference on Security and Cryptography (SECRYPT 2020)",
  chapter="168126",
  doi="10.5220/0009591002530262",
  edition="NEUVEDEN",
  howpublished="online",
  institution="SciTePress - Science and Technology Publications",
  year="2020",
  month="july",
  pages="253--262",
  publisher="SciTePress - Science and Technology Publications",
  type="conference paper"
}