1 Investigating Email Threats

Email threats are among the most common types of attacks encountered by Security Operations Center (SOC) analysts, and they often occur multiple times during a working shift. Moreover, malicious emails are often the first step in an attacker’s attempt to gain access to a target environment. Given the increase in these types of threats, SOC analysts and cyber investigators must understand attackers’ techniques to initiate attacks via email and how to investigate and respond to email threats.

The objective of this chapter is to learn why attackers prefer phishing emails to gain initial access, the most common email threats, the most common techniques by attackers to evade detection and trick the victim, how to analyze ...

Get Effective Threat Investigation for SOC Analysts now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Effective Threat Investigation for SOC Analysts by Mostafa Yahia

1

Investigating Email Threats

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly