Darktrace AI fends off phishing attack on North American private equity firm
Image courtesy Darktrace
The company, which manages over 150 restaurants across the US, was trialling Darktrace’s Self-Learning AI when the attack took place. Intending to bolster email security, the company had deployed Darktrace’s email security solution, Antigena Email, which had learned the ‘normal’ email communications of every user within the organisation in order to detect the abnormalities associated with an email threat.
The attack, which slipped past the company’s existing security controls, started when an employee received an email appearing to originate from internal ‘HR’. The email had been carefully designed to look like a SharePoint Microsoft document and was titled ‘Q3 Commission 2021 and Agenda’, an attempt to induce the recipient into clicking on a malicious link.
Detecting that the IP address of the email was unusual, Darktrace AI identified this as spoofing activity and further investigation suggested it was part of a wider trend of targeted phishing campaigns at the time which used fake Microsoft branding. These attacks are often launched with the intention of causing operational disruption or conducting IP and financial theft.
The company’s security team were alerted and issued company-wide warnings about the attack, averting a crisis. Had Antigena Email been deployed in fully autonomous mode, it would have double-locked the malicious links to ensure they were not clickable.
“Email impersonation attacks have been on the rise for a number of years – these are hyperrealistic ‘digital fakes’ that expertly mimic the writing style of trusted contacts, colleagues and suppliers,” commented Mike Beck, Darktrace’s Global CISO. “We simply cannot put the onus on humans to spot these well-researched, targeted email attacks and that’s why it is crucial that organisations have AI in place as a first line of defense – capable of detecting the subtle signs of a fake and intervening before a user even has to engage with the email. This is the future of email security.”