Using AI to Protect Your Customers’ Inboxes
Business email compromise (BEC) attacks and email account takeovers are increasing in frequency. In these types of attacks, hackers gain control over legitimate corporate email accounts by stealing credentials. They can then use those accounts to launch other types of attacks. When cybercriminals gain control of a trusted email address and impersonate an employee, they can wreak havoc by tricking staff into sharing private company or customer data, or even wiring company funds to criminals.
Recently, the Barracuda research team found that these attacks are commonly used to launch phishing and spear phishing attacks. What’s worse, they’re difficult for traditional email security solutions to detect because they originate from legitimate accounts. Further, most email security solutions don’t monitor internal email traffic, which allows these attacks to easily fly under the radar.
How AI Outsmarts Psychological Manipulation Attempts
So, how can companies protect themselves from these types of attacks? Artificial intelligence is emerging as an essential part of a comprehensive email security infrastructure that can help prevent email compromise and account takeovers. These attacks rely on psychological manipulation, and AI-based solutions can “learn” to identify unusual email activity.
Traditional email security solutions focus on threats from outside the firewall: malicious code embedded in emails from foreign servers, spam or phishing emails connected to dodgy websites, etc. An AI-based solution targeted at BEC threats uses deep learning to help spot potential account takeover and spear phishing attacks that have already infiltrated your email server.
Barracuda Sentinel, for example, uses AI and its integration with Office 365 to detect these attacks before they result in a breach. Sentinel analyzes historical and inbound data to help spot email anomalies: odd behavior, unusual content or link forwarding. These emails can be flagged and quarantined. The system also blocks targeted phishing emails that are used to steal passwords and other information, providing additional protection against account takeovers.
This not only helps minimize the effect of these attacks by stopping them before hackers can fool employees into sharing private data or sending money, but it also prevents criminals from using your domain to launch email attacks against other organizations.
AI also gets better over time, by scanning every email and learning the individual habits of each employee. This makes it easier to spot problems faster and more accurately.
Barracuda Sentinel uses machine learning to identify high-risk individuals and signs of an account takeover in every email without manual intervention by the IT administrator. Besides detecting the traditional warning signs like misspellings or links to known phishing sites, an AI-based tool can spot other telltale signs of an account takeover, such as unusual requests (e.g., an employee asking for a wire transfer), emails sent to people with whom the sender seldom communicates, an atypical sense of urgency in the email, and more.
These are things that a security gateway isn’t going to catch because spotting them requires a more nuanced understanding of how each individual uses their email. That type of detection is the kind of task that machine learning was tailor-made to accomplish. It also allows IT teams to automate much of the work involved in spotting threats, quarantining suspicious emails, and responding to new attacks.
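The signals named above (unusual requests, seldom-contacted recipients, atypical urgency) only mean something relative to each sender's own history, which the following sketch shows with a per-sender baseline. It is an added example, not Barracuda Sentinel's implementation: it uses plain counting rather than machine learning, and the keyword lists, thresholds, class name and addresses are constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed keyword lists (assumptions, not taken from any product).
URGENCY = re.compile(r"\b(urgent|immediately|asap|right away|today)\b", re.I)
PAYMENT = re.compile(r"\b(wire transfer|bank details|gift cards?)\b", re.I)
SIGNALS = (("urgency", URGENCY), ("payment request", PAYMENT))

class SenderBaseline:
    """Per-sender history: who they mail and how they usually write."""
    def __init__(self):
        self.recipients = defaultdict(Counter)  # sender -> recipient counts
        self.flags = defaultdict(Counter)       # sender -> signal counts
        self.totals = Counter()                 # sender -> messages seen

    def learn(self, sender, recipient, body):
        self.recipients[sender][recipient] += 1
        self.totals[sender] += 1
        for name, rx in SIGNALS:
            self.flags[sender][name] += bool(rx.search(body))

    def score(self, sender, recipient, body, min_history=5):
        """Return (score, reasons); a higher score is more unusual."""
        n = self.totals[sender]
        if n < min_history:
            return 0, ["insufficient history"]  # do not judge new mailboxes
        reasons = []
        if self.recipients[sender][recipient] / n < 0.05:
            reasons.append("rare recipient")
        for name, rx in SIGNALS:
            # Suspicious only if this sender rarely writes this way.
            if rx.search(body) and self.flags[sender][name] / n < 0.10:
                reasons.append("atypical " + name)
        return len(reasons), reasons

def build_demo():
    """Constructed history: alice sends routine notes, carol works in payments."""
    b = SenderBaseline()
    for _ in range(20):
        b.learn("alice@example.com", "bob@example.com", "Weekly sync notes attached.")
        b.learn("carol@example.com", "finance@example.com",
                "Please process this wire transfer today.")
    return b

if __name__ == "__main__":
    msg = "Urgent: send a wire transfer immediately"
    print(build_demo().score("alice@example.com", "finance@example.com", msg))
```

The same message scores 3 when it comes from alice's account and 0 from carol's, which is the per-individual context a gateway filter working on content alone does not have.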
These solutions can also be integrated with traditional email security solutions and anti-phishing tools. Sentinel also performs automated DMARC (Domain-based Message Authentication, Reporting and Conformance) reporting, analysis and visibility to prevent domain spoofing.
AI isn’t a magic bullet to stop email-based attacks, but by combining external protections, strong password policies, and user training with the type of intelligence data analysis enabled by machine learning and other AI approaches, companies can better protect themselves against these increasingly dangerous and costly internal threats.
Chris Crellin is Senior Director of Product Management for Barracuda MSP, a provider of security and data protection solutions for managed services providers, where he is responsible for leading product strategy and management.
This guest blog is part of a Channel Futures sponsorship.