Barracuda unveils AI-driven tech to combat spear-phishing
More than 90 percent of cyberattacks and resulting breaches in 2016 stemmed from a spear-phishing e-mail, according to PhishMe’s 2016 Enterprise Phishing Susceptibility and Resiliency report.
With that kind of business environment in mind, Barracuda Networks, a vendor of cloud-enabled security and data protection systems, has debuted Barracuda Sentinel, an artificial intelligence-driven system designed to combat spear-phishing and cyber-fraud in real time. Barracuda Sentinel is delivered as a cloud service and includes APIs to link to various applications, including Microsoft Office 365 and a variety of social media outlets to defend against impersonation attempts, business email compromise and cyber fraud.
Spear-phishing is one of the most devastating cybersecurity threats. Tens of thousands of companies and individuals have fallen prey, sending wire transfers and sensitive customer and employee information to attackers impersonating their CEO, boss or trusted colleague. The FBI reports that organizations have already lost $5 billion due to business e-mail compromise. And beyond the financial impact, these attacks have caused irreparable damage to reputations and brands.
The artificial intelligence within the Sentinel system examines various parts of e-mails and other communications to determine if a communication is a spear-phishing message.
“Messages typically involve metadata and data, and we can glean information from both to determine whether a particular message is a spear-phishing attack,” explained Asaf Cidon, vice president of content security services at Barracuda. “From the metadata perspective, you have various fields, the From address, the Reply To address, and so on, and what we are looking for is anomalies.”
A junior employee might receive an email that appears to be from the CEO but comes from an address not normally associated with the CEO. That’s a strong signal of spear-phishing, and the Sentinel system would pick it up immediately based on the company’s communication patterns it has learned from analysis of past messages. The system quarantines such e-mails.
Another example: An employee receives an email from a company with the domain AcmeCorp.com, but the Reply To points to a random Gmail account. That’s also a strong signal the Sentinel system would pick up before the employee even receives the e-mail.
“We also add additional signals from the body of the email itself,” Cidon said. “There are various cues we look for, one could be if the email contains mention of very sensitive information, PHI in the case of a healthcare organization, or if they are asking for a wire transfer. We also look for tone of voice. Typically these attacks ask you to do something urgently.”
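A toy version of the metadata and body checks described above, written here as an added Python example (not Barracuda's code): the known-sender baseline, the cue list and both sample messages are constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed baseline (hypothetical): display names seen in past company mail and the
# addresses they normally send from. Sentinel learns this from history; here it is fixed.
KNOWN_SENDERS = {"jane doe": {"jane.doe@acmecorp.com"}}
# Body cues of the kind the article describes: sensitive data and urgent money requests.
BODY_CUES = ("wire transfer", "urgent", "immediately", "patient records",
             "protected health information")

def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def score_message(raw: str) -> list:
    """Return the spear-phishing signals found in a raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    name, from_addr = parseaddr(str(msg.get("From", "")))
    _, reply_to = parseaddr(str(msg.get("Reply-To", "")))
    signals = []
    # Signal 1: a familiar display name arriving from an address never seen for it.
    known = KNOWN_SENDERS.get(name.strip().lower())
    if known and from_addr.lower() not in known:
        signals.append("display name matches a known sender but From address is unfamiliar")
    # Signal 2: replies redirected to a domain other than the one the mail claims to be from.
    if reply_to and domain_of(reply_to) != domain_of(from_addr):
        signals.append("Reply-To domain differs from From domain")
    # Signal 3: body mentions sensitive data or an urgent payment request.
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    hits = [cue for cue in BODY_CUES if cue in text]
    if hits:
        signals.append("body cues: " + ", ".join(hits))
    return signals

# Constructed sample messages (not real traffic).
SUSPICIOUS = """\
From: "Jane Doe" <jane.doe@acmecorp-secure-mail.com>
Reply-To: jdoe.office@gmail.com
Content-Type: text/plain; charset="utf-8"

I need you to process an urgent wire transfer before close of business today.
"""
BENIGN = """\
From: "Jane Doe" <jane.doe@acmecorp.com>
Content-Type: text/plain; charset="utf-8"

Please see the attached agenda for Thursday's meeting.
"""
```

A production system would quarantine on a weighted combination of such signals rather than any single one; the fixed baseline here stands in for what the article says is learned from historical mail.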
Sentinel also comes equipped with APIs that automatically connect with other systems to enable Sentinel to monitor other communication channels where spear-phishers might attempt an impersonation.
“Traditionally, solutions sit at the network and try to look at all network traffic to examine whether it is malicious, but we do an API-based approach,” Cidon said. “We go in and directly communicate with the cloud-based set-up with Office 365 or Gmail and leverage their APIs to get the context of the normal communication with recipients and also leverage that API to quarantine the e-mails when we deem them to be spear-phishing. It allows us to get all this rich context out of the box; we can learn the normal communication patterns of the company.”
Organizations can link to social media and communication outlets such as Slack, as well, where spear-phishers attempt to cozy up to targets who may be able to provide sensitive information.
“Spear-phishers would either join a public channel or try to add their user into a private communication channel,” Cidon explained. “Those types of attacks can be orchestrated in more normal organizational networking where companies today have replaced a large amount of their email communication with things like Slack. Attackers are using various communication channels and we think that will only increase.”
Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com