In today’s interconnected world, while email communication is an integral part of business operations, it is also the most common route for viruses to infect computer systems. Thus, DSTA developed a malware analyser to protect its network and computers against threats that are sent via email. This tool analyses email attachments for malicious behaviour and performs analytics to detect cyber threats that may be previously unknown.


Phishing emails, which enclose content that is relevant to the recipient but embed malicious attachments or URLs, are one of the most common techniques used by hackers to compromise the security of large organisations. These malicious attachments can contain sophisticated malware that cannot be detected by commercial anti-virus products. To prevent such malware from infiltrating networks, the DSTA team developed a solution that captures suspicious activities generated by these attachments and, when necessary, quarantines them. This solution has been seamlessly integrated into the existing email infrastructure to perform non-intrusive analysis on all incoming emails, with no perceptible impact on user experience.

The solution also collects and analyses attributes from emails. By applying data analytics on the information collected and correlating it with information and infrastructure logs, the DSTA team uncovered previously unknown cyber threat patterns and introduced additional protective measures.

Since its deployment, the solution has successfully detected and mitigated malicious emails, making the infrastructure more robust against cyberattacks.