The explosion of spear phishing emails hiding behind pandemic-related information has led to an increased demand for AI-driven email security.
Since January 2020, the number of users of one email security vendor has doubled. When widespread regional lockdowns began in early March, the same vendor saw the number of requests to trial its email solution quadruple.
In April, 60% of all advanced spear-phishing attacks blocked by this vendor’s email software were either related to COVID-19 or aimed at tricking employees by referencing remote working.
The vendor, cyber AI company Darktrace, says attackers are exploiting concerns about the virus to convince people to open emails and click on malicious links, a trend it calls ‘fearware’. These campaigns have used over 48,000 newly created email domains linked to the coronavirus to bypass standard spam filters.
Darktrace says its email solution has stopped numerous instances of ‘fearware’ across its customer base, including attackers posing as the Centers for Disease Control (CDC) and the World Health Organization (WHO) and, more recently, attackers spoofing company email addresses to deliver false corporate updates.
At the leading LA production studio Bunim/Murray, the AI-driven email software caught several phishing emails purporting to deliver corporate COVID-19 updates to employees. The emails were automatically stopped before they could make it into employees’ inboxes.
Said Gabe Cortina, CTO at Bunim/Murray: “Had these emails reached the user, we might have been in a situation where one of our well-intentioned employees clicked on the malicious link in an attempt to get accurate, up-to-date information, not recognizing that it would introduce malware into our environment.” With email security in place, Cortina said she does not have to worry about end user behavior “because the AI neutralizes it before it even gets to that point.”
Darktrace’s Antigena Email software is powered by artificial intelligence that forms an evolving understanding of ‘normal activity’ for corporate email environments and for the individual users within them. This enables it to detect novel and targeted incoming attacks that traditional tools let through, including domain spoofing, supply chain account takeovers, and impersonation attempts.