For over a year now, businesses across Canada have adapted to remote or hybrid work environments made necessary by the Covid-19 pandemic. Most Canadians have now familiarized themselves with applications and virtual collaboration tools like Zoom, Skype, and Microsoft Teams to keep working, and stay connected throughout lockdowns and distancing measures.
Yet even as organizations begin to move to hybrid work or start putting the wheels in motion to implement a full-time return to the office, we must continue to protect ourselves against cyber-attackers who seek to leverage our greatest vulnerabilities – ourselves.
Prior to the shift to remote working, most organizations already had some form of cyber security tool to protect against malicious activity. Yet more often than not, these tools rely on a set of pre-programmed rules and signatures which identify known “bads” to stop them from making their way into a network.
The problem is, even as these tools evolve, so too do cyber criminals who use increasingly sophisticated, targeted methods to infiltrate organizations. What has remained constant is that 94% of these attacks begin in the inbox – if an email appears genuine enough to fool security tools, how can a human distinguish malicious from benign?
How are attackers using email to target organizations?
As attacks have become stealthier and more sophisticated over the past few years, it has become startlingly clear that no person, company, organization, or federal institution is immune to attack. Attackers can leverage incredibly convincing techniques to make their way into our inboxes, impersonating specific individuals and spoofing domains to appear to be from trusted senders.
What’s more, attackers are constantly innovating, and have begun to rely on machines to compromise email accounts at a speed and scale with which human security teams cannot keep up. But how are they getting in?
Attackers will do their research on organizations and their employees in search of security vulnerabilities. Some may even approach a target on LinkedIn or another social media website to learn more about them, and the organization they work for. They can then use this information to guess or find email credentials and hijack a legitimate email account.
Once inside, attackers can use your privileged access to internal systems to harvest company information and to download and extract private data from an organization’s systems. Often, attackers may even reach out to professional colleagues, both at your organization and at partner organizations, sending spoofed emails that contain malicious software in an attempt to gain access to a larger network.
Phishing for a CEO
Just last year, Darktrace customer and partner McLaren Racing Ltd. was targeted in a phishing attempt by malicious actors. The hackers were highly sophisticated and were going after high-stakes targets – the target of the malicious email was the CEO, Zak Brown.
Aware that Brown would be busy managing the responsibilities of a Grand Prix race weekend, the attackers crafted a targeted email which claimed to be from a supplier, requesting his signature on a linked DocuSign agreement to secure payment. Neither the supplier nor the link was legitimate.
While the email was let in by standard gateway tools, Darktrace AI identified the malicious nature of the attack, and held the email back before Brown even had the chance to click the phishing lure. So how was this email detected?
How do we defend against these phishing attacks?
The traditional cyber security tools with which most Canadian organizations are familiar do not go far enough to account for human error and sophisticated phishing attacks. These tools are backward-looking – they look for obvious spam in the inbox or for malware they have historically encountered.
The fact is that modern cybercriminals have gone beyond sending bulk emails or relying on a traditional bag of tricks – their attacks have become much more targeted and harder to spot than ever before, and none of us, not even the CEOs, are immune.
Self-learning AI technology that is capable of detecting anomalies, even ones that do not appear threatening to conventional tools, and neutralizing these threats instantaneously is the only answer to protecting ourselves and our businesses against cyber threats. This AI does not need to be programmed with the same known “bads” as traditional tools; instead it works by learning what is normal for an organization’s network, then flagging and neutralizing any activity that appears anomalous.
In the email environment, this means identifying emails from abnormal domains, emails sent at abnormal hours or from strange locations, or emails with suspicious links, and autonomously tying all these pieces of information together to determine whether or not the email is legitimate – in real time.
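The following is an added illustration of the approach described above, written for this page and not code from Darktrace or its products. It learns a baseline of "normal" from a constructed sample of legitimate mail (sender domains, sending hours, sending countries, link domains) and then combines several weak anomaly signals into one score. The weights, threshold, domain names and the three test messages are all constructed assumptions; the point is that one novel signal alone (a new but well-behaved correspondent) is delivered, while a lookalike supplier lure, or a known address suddenly behaving abnormally, is held.

```python
from collections import Counter
from dataclasses import dataclass, field


@dataclass
class Email:
    sender_domain: str
    hour: int                    # hour of day (0-23) the message was sent
    country: str                 # country of the sending IP (constructed label)
    link_domains: list = field(default_factory=list)


@dataclass
class Baseline:
    """What 'normal' looks like for one organisation, learnt from past mail."""
    sender_domains: Counter = field(default_factory=Counter)
    hours: set = field(default_factory=set)
    countries: set = field(default_factory=set)
    link_domains: set = field(default_factory=set)

    def learn(self, email: Email) -> None:
        self.sender_domains[email.sender_domain] += 1
        self.hours.add(email.hour)
        self.countries.add(email.country)
        self.link_domains.update(email.link_domains)


# Relative weight of each anomaly signal and the hold threshold (constructed values).
WEIGHTS = {"new_sender": 0.35, "lookalike": 0.2, "odd_hour": 0.15,
           "new_country": 0.2, "new_link": 0.3}
HOLD_THRESHOLD = 0.6


def _label(domain: str) -> str:
    """First DNS label, e.g. 'partner-supplier' from 'partner-supplier.example'."""
    return domain.split(".")[0]


def signals(baseline: Baseline, email: Email) -> dict:
    """Evaluate each weak signal against the learnt baseline (True = anomalous)."""
    new_sender = email.sender_domain not in baseline.sender_domains
    # A never-seen domain whose first label extends a known one, such as
    # 'partner-supplier-invoices' next to the known 'partner-supplier'.
    # (Toy check: a real system would use a proper string-similarity measure.)
    lookalike = new_sender and any(
        _label(email.sender_domain).startswith(_label(known))
        for known in baseline.sender_domains)
    return {
        "new_sender": new_sender,
        "lookalike": lookalike,
        "odd_hour": email.hour not in baseline.hours,
        "new_country": email.country not in baseline.countries,
        "new_link": any(d not in baseline.link_domains for d in email.link_domains),
    }


def score(baseline: Baseline, email: Email):
    fired = signals(baseline, email)
    return round(sum(WEIGHTS[k] for k, v in fired.items() if v), 2), fired


def classify(baseline: Baseline, email: Email):
    """Tie the signals together: hold the message if the combined score crosses the threshold."""
    total, fired = score(baseline, email)
    return ("hold" if total >= HOLD_THRESHOLD else "deliver"), total, fired


# Constructed sample of legitimate mail the organisation normally receives.
HISTORY = [
    Email("partner-supplier.example", 9, "CA", ["esign.example"]),
    Email("partner-supplier.example", 14, "CA"),
    Email("accounting.example", 10, "CA", ["esign.example"]),
    Email("accounting.example", 16, "US"),
    Email("team-collab.example", 11, "US", ["docs.example"]),
    Email("team-collab.example", 17, "CA", ["docs.example"]),
]


def build_baseline(history=HISTORY) -> Baseline:
    baseline = Baseline()
    for email in history:
        baseline.learn(email)
    return baseline


# Constructed test messages.
LURE = Email("partner-supplier-invoices.example", 2, "ZZ", ["esign-docs.example"])  # lookalike supplier lure
NEW_CONTACT = Email("newclient.example", 11, "CA")                                   # genuinely new, well-behaved correspondent
HIJACKED = Email("accounting.example", 3, "ZZ", ["payment-portal.example"])          # known address behaving abnormally


if __name__ == "__main__":
    baseline = build_baseline()
    for name, email in [("lure", LURE), ("new contact", NEW_CONTACT), ("hijacked", HIJACKED)]:
        verdict, total, fired = classify(baseline, email)
        print(f"{name:12s} -> {verdict:7s} score={total} signals={[k for k, v in fired.items() if v]}")
```

The design choice worth noting is that no single signal decides the outcome: a new sender domain on its own scores below the threshold, so a legitimate new customer is not blocked, whereas the same signal combined with an odd hour, an unfamiliar geography and a never-seen link domain is held. The same scoring also catches the account-hijack pattern, where the sender domain is entirely familiar but everything else about the message is not.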
Canadian organizations must continue to evaluate their cybersecurity strategies, looking to innovative tools, like self-learning AI, to protect their organizations and their inboxes before the damage is done.
David Masson is the Director of Enterprise Security for Darktrace.