
Secure Email Threat Simulation for Targeted Attack Prevention

Learn how to secure your organization from advanced email threats with Keepnet Labs’ E-Mail Threat Simulator. Understand configuration best practices and create secure test accounts to enhance your cybersecurity defenses.


How to Use Keepnet Labs’ E-Mail Threat Simulator for Advanced Email Security

In 2024, targeted email attacks continue to rise, especially against large corporations, government agencies, and political organizations. Despite sophisticated filters, email remains one of the most common entry points for cyberattacks. Even the best filters can be misconfigured, leading organizations to think they’re safer than they are. Keepnet Labs' E-Mail Threat Simulator helps assess these vulnerabilities, offering a reliable way to measure, analyze, and improve email security.

The Growing Need for Email Threat Simulations

Over the past decade, attackers have focused increasingly on email-based attacks due to the sensitive data often accessible via corporate email accounts. Today’s organizations store large amounts of information, making them appealing targets. Keepnet Labs' simulator offers a unique method to strengthen your defense against these threats by evaluating your current security setup and identifying hidden vulnerabilities in email configurations.

Creating a Secure Test Account for Email Threat Simulation

To accurately test your email security setup, Keepnet Labs’ Email Threat Simulator requires a test account. This account serves as a sandbox, allowing the simulator to conduct security checks and provide reliable reports on vulnerabilities. Here’s how to configure a secure test account and ensure it complies with your organization's security requirements.

Step 1: Creating a Test Account in Exchange

Start by setting up the test account with Exchange Management Shell, which requires Organization Administration permissions. Here’s a sample command to create your test mailbox account:

# Creates the dedicated ETS mailbox; replace the sample password, domain, database and OU with your own values.
New-Mailbox -UserPrincipalName ets@yourdomain.com -Alias ets -Name ETS -Database PERDB -OrganizationalUnit "OU=SNR,DC=keepnet,DC=aws" -ResetPasswordOnNextLogon $false -Password (ConvertTo-SecureString -String 'StR0ngP@ssw0rd' -AsPlainText -Force)

This mailbox is dedicated solely to receiving simulated threat emails without the risk of sending emails to external or internal addresses, ensuring that all simulations are contained and secure.

Step 2: Restricting the Test Account’s Permissions

To ensure the test account operates safely, configure restrictions that prevent it from sending or receiving emails outside the test parameters. Use Exchange Admin Center (EAC) for this process.

  1. Log in to Exchange Server with Organization Admin authority.
  2. Go to Mail Flow > Rules.
  3. Add a new rule with the conditions:
     • Apply this rule if: The sender is the test account.
     • Do the following: Delete the message without notifying anyone.
  4. In More Options, set an exception to allow emails sent to ets@keepnethood.com.

These restrictions ensure that the test account can only receive emails directly related to the email threat simulations.
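
The same rule can be created from Exchange Management Shell, which makes the restriction repeatable and lets you read it back to confirm it is enforced. This is an added example, not Keepnet Labs' own script; the rule name is hypothetical, and the sender and exception values are the sample ones used on this page.

```powershell
# Added example: shell equivalent of the EAC rule described above.
# Assumptions: the rule name is hypothetical; 'ets' is the alias from Step 1.
$RuleName    = 'ETS - drop mail sent by test account'   # hypothetical name
$TestAccount = 'ets'                   # alias of the mailbox created in Step 1
$AllowedRcpt = 'ets@keepnethood.com'   # exception address from step 4

# Create the rule only if it is not already present (safe to re-run).
$rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
if (-not $rule) {
    # Condition: the sender is the test account.
    # Action:    delete the message without notifying anyone.
    # Exception: the message is sent to the allowed recipient
    #            (SentTo is the predicate behind EAC's "The recipient is").
    New-TransportRule -Name $RuleName `
        -From $TestAccount `
        -DeleteMessage $true `
        -ExceptIfSentTo $AllowedRcpt `
        -Mode Enforce `
        -Comments 'Contains outbound mail from the ETS test mailbox' | Out-Null
}

# Read the rule back and stop if it has drifted from the intended settings.
$rule = Get-TransportRule | Where-Object { $_.Name -eq $RuleName }
$problems = @()
if (-not $rule)                     { $problems += 'rule was not created' }
elseif ($rule.State -ne 'Enabled')  { $problems += 'rule is disabled' }
elseif ($rule.Mode  -ne 'Enforce')  { $problems += "mode is $($rule.Mode)" }
elseif (-not $rule.DeleteMessage)   { $problems += 'action is not DeleteMessage' }
elseif (-not $rule.ExceptIfSentTo)  { $problems += 'recipient exception is missing' }
if ($problems) { throw "Transport rule check failed: $($problems -join '; ')" }

$rule | Format-List Name, State, Mode, From, DeleteMessage, ExceptIfSentTo
```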

Enable Mailbox Audit Logging for the Test Account

By default, mailbox audit logging is disabled for new mailboxes on Exchange servers. Activating this feature allows you to log every action taken with the test account, ensuring compliance and tracking activity accurately.

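# Enable audit logging on the test mailbox ("ets" is the alias created in Step 1).
Set-Mailbox -Identity "ets" -AuditEnabled $true

# Optional: enable audit logging on every user mailbox in the organization.
Get-Mailbox -ResultSize Unlimited -Filter {RecipientTypeDetails -eq "UserMailbox"} | Set-Mailbox -AuditEnabled $true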

These logs allow detailed tracking of actions taken by admins and authorized users on the test account, providing a layer of accountability and ensuring that no unauthorized changes are made.

Customizing Audit Logs for Different User Groups

# Choose the admin and delegate actions to log on the test mailbox ("ets" is the alias created in Step 1).
Set-Mailbox -Identity "ets" -AuditAdmin Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create -AuditDelegate Update, Move, MoveToDeletedItems, SoftDelete, HardDelete, FolderBind, SendAs, SendOnBehalf, Create -AuditEnabled $true

This command specifies which actions to log for admins and delegates; actions by the mailbox owner are selected the same way with the -AuditOwner parameter. Tailoring the lists lets you meet compliance needs without overcrowding the logs.

Enabling Admin Audit Logging for Security Compliance

Another important configuration involves Admin Audit Logging, which records commands run by admins on the server. By enabling this log, you can track configuration changes, enhancing accountability across the server.

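# Turn on admin audit logging for all cmdlets and all parameters.
Set-AdminAuditLogConfig -AdminAuditLogEnabled $true -AdminAuditLogParameters * -AdminAuditLogCmdlets *

# Search the log interactively for a specific cmdlet within a date range.
Search-AdminAuditLog -Cmdlets New-SendConnector -StartDate 04/20/2023 -EndDate 04/25/2023

# Run a search in the background and e-mail the results to the listed recipient.
New-AdminAuditLogSearch -Name "Mailbox Quota Change Audit" -Cmdlets Set-Mailbox -Parameters UseDatabaseQuotaDefaults, ProhibitSendReceiveQuota, ProhibitSendQuota -StartDate 01/20/2024 -EndDate 01/30/2024 -StatusMailRecipients admin@yourdomain.com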
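
Once both kinds of audit logging are enabled, the settings can be verified and the logs reviewed for activity around the test account. The script below is an added example, not part of Keepnet Labs' tooling; the seven-day window and the allow-list of display names are assumptions, and `ets` is the alias from Step 1.

```powershell
# Added example (not from the original page): verify the audit settings
# configured above and review recent activity around the test account.
$Mailbox  = 'ets'                    # alias of the mailbox from Step 1
$Since    = (Get-Date).AddDays(-7)   # assumed review window
$Expected = @('ETS Operator')        # hypothetical allow-list of display names
$Required = 'Update','Move','MoveToDeletedItems','SoftDelete','HardDelete',
            'FolderBind','SendAs','SendOnBehalf','Create'

# 1. Configuration check: auditing is on and every required action is logged.
$mbx = Get-Mailbox -Identity $Mailbox
$findings = @()
if (-not $mbx.AuditEnabled) { $findings += 'Mailbox audit logging is disabled' }
foreach ($prop in 'AuditAdmin','AuditDelegate') {
    $logged  = @($mbx.$prop | ForEach-Object { "$_" })   # normalise to strings
    $missing = @($Required | Where-Object { $logged -notcontains $_ })
    if ($missing) { $findings += "$prop is missing: $($missing -join ', ')" }
}
if (-not (Get-AdminAuditLogConfig).AdminAuditLogEnabled) {
    $findings += 'Admin audit logging is disabled'
}

# 2. Mailbox audit log: admin/delegate access by anyone not on the allow-list.
$access = Search-MailboxAuditLog -Identity $Mailbox -LogonTypes Admin,Delegate `
    -ShowDetails -StartDate $Since -EndDate (Get-Date) -ResultSize 1000
$unexpected = @($access |
    Where-Object { $Expected -notcontains $_.LogonUserDisplayName })

# 3. Admin audit log: cmdlets that could loosen the account's restrictions.
#    Results cover the whole organization; filter on ObjectModified as needed.
$changes = @(Search-AdminAuditLog -StartDate $Since -EndDate (Get-Date) `
    -Cmdlets Set-Mailbox, Set-TransportRule, Disable-TransportRule, Remove-TransportRule)

# Report: configuration gaps first, then the two sets of log entries.
$findings   | ForEach-Object { Write-Warning $_ }
$unexpected | Sort-Object LastAccessed |
    Format-Table LastAccessed, LogonUserDisplayName, LogonType, Operation, OperationResult
$changes    | Sort-Object RunDate |
    Format-Table RunDate, Caller, CmdletName, ObjectModified -AutoSize
```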

Final Thoughts on Secure Email Simulation

By creating a restricted, audit-logged test account, Keepnet Labs’ Email Threat Simulator can safely identify weaknesses within your organization’s email security. With the rise of targeted attacks, this proactive approach helps organizations better understand and improve their defenses, ensuring that email security configurations are continuously evaluated and refined.

For more insights into email threat simulations and broader cybersecurity measures, explore Keepnet Labs' Phishing Simulator and Security Awareness Training resources.

Editor's Note: This blog was updated on November 15, 2024.
