April 19, 2018
Agari has announced figures from a fresh study that demonstrates account takeover attacks are increasing. These phishing attacks entail the use of an undermined electronic mail account to deceive workers into disclosing confidential information or fixing malware. Agari states account takeover attacks have doubled up in 2018.
As messages are supposed to have been sent from a known person, several electronic mail receivers let their guard down. The efficiency of this phishing method is demonstrated by Agari’s figures from a fresh Osterman Research study on 140 companies with an average of 16,821 electronic mail users. In the past 12 months, 44% of respondents stated their business has been a sufferer of an electronic mail account takeover attack.
Contrary to the spray and pray methods used by several electronic mail scammers, account takeover attacks are vastly targeted with company managers and board members most likely to get the electronic mails. The Osterman Research survey demonstrates these to be the most successful electronic mail attack route.
Many of the methods typically associated with spam like domain spoofing and hiding of the actual sender of an electronic mail are not used. It is these spam signatures that often see electronic mails obstructed by spam solutions. Most electronic mail spam fortifications fail to obstruct this kind of attack since the electronic mail is sent from an established electronic mail account.
In the case of business email compromise attacks (BEC) – a type of account takeover attack that utilizes an internal electronic mail address to target another member of the company – companies can’t easily obstruct the electronic mails from being delivered or even find that the electronic mails are hateful since there is no malicious payload. As such, no safety control is able to obstruct these electronic mails and stop them from being transported.
“Agari’s research shows what CISOs have doubted for years: traditional electronic mail safety solutions, such as safe electronic mail gateways, based on examination and status are not able to find advanced electronic mail attacks, like account takeover,” said Ravi Khatod, CEO, Agari.
Agari has explained five steps in a usual account takeover attack – data exfiltration, a targeted attack, control reconnaissance, initial account access, and fake wire transfers or other fake financial dealings.
To thwart the danger, Agari has created its Enterprise Protect platform which includes improved Agari Identity Intelligence. The platform utilizes algorithms with machine learning to examine electronic mails and assign a score to each. The score shows the possibility of it having been sent from an undermined account.
Agari utilizes identity mapping to decide the supposed identity of the sender, behavioral analytics to decide inconsistencies in the message that differ from expected sender behavior, and trust modeling to decide whether the electronic mail is expected by the receiver. Identity cleverness scoring is based on the above 3 controls and decides whether the message is authentic or has likely been sent from an undermined account.
“Leveraging international telemetry sources, exclusive algorithms, and a real-time scoring pipeline, the system constantly models electronic mail receiving and sending behaviors through the Internet and finds the new attacks of today and the even more advanced ones we suppose to see in the time to come,” said Khatod.