Darktrace, a global leader in cyber security AI, today announced that its AI-powered email security technology, Antigena Email, successfully stopped a series of phishing attacks targeting a global manufacturing organization in Brazil.
The company, which has been in business for over 60 years and operates globally, was targeted by four spoofing attempts while trialing Antigena Email. The technology works by learning the “normal” behavior for every email user within an organization. By developing this understanding, it can then spot the subtle anomalies indicative of a malicious email and take targeted action to protect employees, stopping threats before they have reached the inbox.
In this targeted attack, adversaries sent four spoofing emails to various employees within the business, with subject lines falsely suggesting that they came from Apple. Attackers crafted the emails to induce the recipient to open a link to increase their inbox storage capacity. The nature and frequency of the malicious emails suggest this was part of a widespread attack on the organization in which attackers were trying to infiltrate the company’s network. Although the organization had existing email security tools, the malicious emails still passed through undetected.
Darktrace’s AI, through its unique understanding of the digital fingerprint of the business, was able to detect that the emails were not legitimate and were potentially malicious. Darktrace flagged this to the user and the company’s security team, and they were able to avert a potential crisis. This prompted the organization to embrace Darktrace’s technology, and the company now has Antigena Email set to “Active” mode, whereby the AI autonomously intervenes to prevent emails from reaching a user.
“The inbox remains the primary entry point for most cyber-attacks, and threat actors are constantly finding new ways to evade traditional email security tools,” commented Toby Lewis, Darktrace’s Head of Threat Analysis. “In this case, the spoofing emails slipped by all other security controls before ultimately being caught by AI. We cannot rely on the status quo, and we must take the burden of spotting suspicious behavior away from the user. AI technology that takes enterprise-wide context into account is rapidly becoming the de facto way to detect and stop these email attacks.”