Work item: X.sf-dtea
Subject/title: Security framework for detecting targeted email attacks
Status: Under study [Issued from previous study period]
Approval process: TAP
Type of work item: Recommendation
Version: New
Equivalent number: -
Timing: 2025-09 (Medium priority)
Liaison: -
Supporting members: Korea (Republic of), ETRI, Broadcom
Summary:
Targeted email attacks, which occur in both incoming and outgoing emails, use methods such as header forgery, similar email addresses, or account take-over (ATO). They may attach previously unknown intelligent malware or impersonate a legitimate sender trusted by the target. Consequently, email users may fall into the attacker's trap by clicking on malicious attachments intended for unauthorised fund transfers, data leaks, computer system failures, and more, or by replying with personal information.
This poses a serious risk to the email users' information assets. However, despite the severity of such targeted email attacks, the proposed email security solutions so far have remained limited to simple inbound spam blocking or inbound domain blocking techniques. Comprehensive solutions that effectively prevent or block targeted email attacks by leveraging various known technologies have not yet been suggested.
In particular, targeted email attacks on the receiving end ultimately lead to security issues in the sending end as well. Since the security issues in the sending end further translate into security issues in the receiving end, a systematic security system that considers these aspects is required to detect and block targeted email attacks. However, a suitable solution has not yet been proposed.
Comment: -
First registration in the WP: 2023-09-28 12:30:58
Last update: 2024-09-18 11:24:08