AI on the Email Offense

Mass domain purchasing enables email attackers to slip by traditional defenses. Here's how artificial intelligence can stop them.

While email attacks are becoming more and more sophisticated, the majority of email security tools still rely on signatures to identify malicious mails. As a result, companies are increasingly vulnerable to novel techniques that criminals are using to evade automatic detection and fool the time-pressed user.


The purchasing of thousands of email domains in order to send out malicious emails en masse is a tried-and-tested technique that exploits a fundamental limitation in most security tools. But in recent years, developments in artificial intelligence (AI) have enabled an understanding of "normal" email traffic and the subtle indicators of threat that deviate from this norm.




Detecting Malicious Emails: The Binary Approach

Legacy email security tools were designed to counter spam emails by comparing incoming mail with a list of "known bad" email addresses. Like a bouncer at the door of a nightclub, these tools look for known entities with bad reputations and don't let them in.


They do this by analyzing metadata, such as the sender's IP address, the email domain, embedded links, and attachments. This data is analyzed at face value, and the binary approach asks of each piece of data: Is this malicious?


But this analysis fails to identify more sophisticated attacks, particularly those that employ new email domains that aren't obviously suspicious. A new email domain – which usually costs just a few cents to buy – has no reputation at all, and so an attacker using one is almost guaranteed to get through spam filters and traditional controls. Such was the case in May, when Norwegian state-owned investment fund ..
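
The gap described above, as an added example that is not from the original article or any vendor's product: a "known bad" lookup delivers mail from a freshly registered domain, while a check against the organisation's own mail history flags it. The simple first-seen baseline is an assumption standing in for a learned model of "normal" traffic, and all domains, IPs and counts are constructed sample data.

```python
from dataclasses import dataclass

# Constructed sample data: a reputation blocklist and the number of mails
# this organisation has previously received per sender domain.
KNOWN_BAD_DOMAINS = {"bad-reputation.example"}
KNOWN_BAD_IPS = {"203.0.113.66"}
SEEN_SENDER_DOMAINS = {"partner.example": 412, "supplier.example": 97}

@dataclass(frozen=True)
class Mail:
    sender_domain: str
    sender_ip: str
    link_domains: tuple

def binary_verdict(mail):
    """Binary approach: ask of each piece of metadata 'is this known bad?'."""
    domains = {mail.sender_domain, *mail.link_domains}
    if domains & KNOWN_BAD_DOMAINS or mail.sender_ip in KNOWN_BAD_IPS:
        return "block"
    return "deliver"  # no reputation at all is treated the same as a good one

def novelty_flags(mail, history=SEEN_SENDER_DOMAINS):
    """Baseline approach: list the ways the mail deviates from past traffic."""
    flags = []
    if history.get(mail.sender_domain, 0) == 0:
        flags.append("sender domain never seen before")
    unseen = [d for d in mail.link_domains if d not in history]
    if unseen:
        flags.append("links to domains with no history: " + ", ".join(unseen))
    return flags

def triage(mail):
    """Return (binary verdict, deviations from the baseline) for one mail."""
    return binary_verdict(mail), novelty_flags(mail)

# Constructed messages: a listed sender, a regular correspondent, and a
# newly purchased domain that has no reputation entry of any kind.
LISTED = Mail("bad-reputation.example", "203.0.113.66", ())
REGULAR = Mail("partner.example", "198.51.100.10", ("partner.example",))
FRESH = Mail("invoice-portal.example", "198.51.100.23", ("invoice-portal.example",))

if __name__ == "__main__":
    for name, mail in (("listed", LISTED), ("regular", REGULAR), ("fresh", FRESH)):
        print(name, *triage(mail))
```

The fresh domain receives the same "deliver" verdict as the regular correspondent from the binary check; only the history comparison tells the two apart.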
