Technical

Blocking Spam Is Good, Analyzing Spam Is Better

With 45% of all emails being spam, a 30% opening rate for messages that contain phishing content, and 12% of those users clicking on the malicious attachment or link, it is clear that continuing to block all that spam is a good idea. But this is not enough. Many organizations continue to act under the assumption that because spam email is quarantined, users are secured. Another common myth is that if an attack reaches a user’s spam folder, the attack has failed. Both of these assumptions are false. There are a few reasons why these are incorrect premises. 

First, attackers not only send emails and hope to succeed, but they are also highly motivated and they will persevere until they accomplish the compromise. In addition, sending spam emails is unbelievably cheap, according to Trend Micro bulk email plans in the dark web start at USD$20, thus the ROI of these cybercrime campaigns is significant. More importantly, the attacker gets very close to your users. With a bit of tweaking and perseverance, they will absolutely achieve their goal. 

Second, these emails are being segregated and often ignored for good, when the reality is that they hold incredible value and unique intelligence about how an organization is being targeted, including which users in a company are being closely and relentlessly targeted and how this is being attempted.

Lastly, we cannot forget that most of our users are now working from home, thus the security controls designed to protect the perimeter are now void. Remember, email is only one vector for propagating attacks, adversaries have plenty of options in hand. 

At Lumu, we are already helping more than 700 organizations unleash the value of their own Spambox. And now, we have new and improved capabilities that allow you to join them

Unlock the Value of Your Spambox by Analyzing Spam

Implementing a Continuous Compromise Assessment model requires the systematic collection and analysis of a wide range of network metadata. One of the most important, yet frequently ignored data sources is spam. However, your own organization’s spambox is a unique threat intelligence source and it can help you understand the compromises your organization is facing. Different solutions in our space focus on blocking spam, but understanding how attackers are trying to compromise the organization and if they are successful is precious information that most companies ignore. 

Here are some of the most relevant items you can access once you start analyzing spam to measure compromise in real time:

  • Threat insights: Drill down into detailed, factual data about the attacks targeting your organization, including the kind of attack and the volume with which the attack is occurring. See when the malicious campaigns occur, how successful the attacker is, the most common attack types, and more.
  • Spambox attack patterns: Arm your team with a deep understanding of the threats targeting their enterprise and grant them the ability to notice patterns in order to adjust cyberdefense and inform future investments.
  • Understand malicious campaign patterns: Adversaries will relentlessly adjust their email campaigns to improve deliverability. As such, the same campaigns will be launched repeatedly until they become successful.
  • Discover which assets and environments are being affected: Detect compromised assets and where they are located with advanced network correlation. Visualize compromises according to your unique set of labels (eg. PCI, Swift, Finance, Central Office).

Many organizations start their Continuous Compromise Assessment journey with Spambox, because it is easy to implement and they see its value right away. There are two ways to get started: 

  • If you are a Lumu Insights customer this is included in your subscription, you only need to enable it here.
  • If you are a Lumu Free customer, do not worry! The ability to collect Spambox data can be enabled as an add-on to your account here.

Recent Posts

  • Blog

Lumu & the MSP Community: 2024 in Review

Reading Time: 4 minsLumu has worked hand-in-hand with MSPs throughout a year that consolidated the…

4 days ago
  • Blog

Reflecting on 2024: Lumu’s Innovations in SecOps

Reading Time: 5 minsLumu’s 2024 SecOps advancements focus on automation and smarter threat detection, with…

6 days ago
  • Attacks

Lumu’s Detection & Response to a Real-World DNS Tunneling Attack

Reading Time: 7 minsThis is the story of a serious DNS tunneling attack on a…

1 week ago
  • Events

Cybersecurity Insights for MSPs: Lessons from IT Nation Connect 2024

Reading Time: 4 minsDiscover the top insights from Lumu’s pre-conference workshop at IT Nation Connect,…

4 weeks ago
  • Stories

Cybersecurity Trends 2025 and Beyond: Navigating AI-Driven Evasion Techniques and Autonomous Threats for Resilient Defense

Reading Time: 2 minsAs we move into 2025, AI-driven evasion and autonomous threats will redefine…

1 month ago
  • Trends

CISA Reveals How 12 Ransomware Gangs are Bypassing EDRs

Reading Time: 7 minsEndpoint Detection and Response (EDR) has a critical role in most companies’…

2 months ago