Publication Details

Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot

ZOBAL, L.; KOLÁŘ, D.; KŘOUSTEK, J. Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot. In Proceedings of the 17th International Conference on Security and Cryptography (SECRYPT 2020). Paris: SciTePress - Science and Technology Publications, 2020. p. 253-262. ISBN: 978-989-758-446-6.
Czech title
Zkoumání aktuálních e-mailových hrozeb s využitím SMTP honeypotu vyžadujícícho autentizaci
Type
conference paper
Language
English
Authors
Zobal Lukáš, Ing.
Kolář Dušan, doc. Dr. Ing. (DIFS)
Křoustek Jakub, Ing., Ph.D.
URL
Keywords

Spam, Honeypot, SMTP, E-mail, Malware, Cyber Threat Intelligence

Abstract

Today, spam is a major attack vector hackers use to cause harm. Let it be through phishing or direct maliciousattachments, e-mail can be used to steal credentials, distribute malware, or cause other illegal activities. Evennowadays, most users are unaware of such danger, and it is the responsibility of the cybersecurity communityto protect them. To do that, we need tools to gain proper threat intelligence in the e-mail cyber landscape. Inthis work, we show how an e-mail honeypot requiring authentication can be used to monitor current e-mailthreats. We study how such honeypot performs in place of an open relay server. The results show this kindof solution provides a powerful tool to collect fresh malicious samples spreading in the wild. We presenta framework we built around this solution and show how its users are automatically notified about unknownthreats. Further, we perform analysis of the data collected and present a view on the threats spreading in therecent months as captured by this authentication-requiring e-mail honeypot.

Published
2020
Pages
253–262
Proceedings
Proceedings of the 17th International Conference on Security and Cryptography (SECRYPT 2020)
Conference
17th International Conference on Security and Cryptography, Paris, FR
ISBN
978-989-758-446-6
Publisher
SciTePress - Science and Technology Publications
Place
Paris
DOI
UT WoS
000615962200021
EID Scopus
BibTeX
@inproceedings{BUT168126,
  author="Lukáš {Zobal} and Dušan {Kolář} and Jakub {Křoustek}",
  title="Exploring Current E-mail Cyber Threats Using Authenticated SMTP Honeypot",
  booktitle="Proceedings of the 17th International Conference on Security and Cryptography (SECRYPT 2020)",
  year="2020",
  pages="253--262",
  publisher="SciTePress - Science and Technology Publications",
  address="Paris",
  doi="10.5220/0009591002530262",
  isbn="978-989-758-446-6",
  url="https://www.scitepress.org/PublicationsDetail.aspx?ID=KjbiWwxR+9s=&t=1"
}
Back to top