Automated Analysis of “abuse” mailbox for employees with the help of Malzoo

By Niels Heijmans

For most companies, e-mail is still the main form of communication, both internally and with customers. Unfortunately, e-mail is also used heavily by cyber criminals in the form
of spam, phishing, spear-phishing, fraud or to deliver malicious software. Employees receive these kinds of messages on a daily basis, even though strict security measures are
implemented. Sometimes an employee will fall for the scam, but often they will recognize a fake e-mail, especially after good awareness programs. Instead of letting
them delete the e-mail, let them share it with you, so you can learn what is getting through your security measures and what employees see as “fishy”. But what should you do with
the e-mails that are forwarded to this special “abuse” mailbox? Malzoo can be used to analyze this mailbox by picking up the e-mails, parsing them and sharing the results with
the CERT team. By using the collected data, you can find new spam runs, update spam filters, receive new malware and learn in which parts of the company awareness is highest
(and lowest). This paper explains the benefits and drawbacks of giving employees a central point to report suspicious e-mail and how Malzoo can be used to automate the analysis.
