Implementation of Filters and Rules on a Gateway to Mitigate Cyberattacks Originated by Email

Abstract

This work proposes a methodology for implementing a set of rules and filters on a gateway to mitigate the main cyberattacks originating from email, such as malware, spam, and phishing, as well as information leakage. Through a comparative analysis of the tools that address these cyberattacks, "Proxmox Email Gateway" is selected and implemented in two test scenarios, the first without applying the methodology and the second with it applied, in which several controlled cyberattacks of each of the previously defined types are carried out. According to the data obtained from the test scenarios, applying this set of rules reduces cyberattacks by 38.75%, and a chi-square statistical test at a 95% confidence level shows that the set of filters and rules applied on a gateway does reduce the percentage of cyberattacks originating from email.

Keywords:

Cyber-attack, email, spam, phishing, malware, Proxmox, Email Gateway
