decrypting myths
The Domain Game: How email attackers are buying their way into inboxes
Cybercriminals are taking advantage of the current climate, targeting remote workers via email in a bid to obtain the ‘keys to the kingdom’. Dan Fein, Director of Email Security Products, Americas, Darktrace, tells us why organisations must take a new approach to email security to tilt the scales in favour of the defenders.
It is by now common knowledge that the vast majority of cyberthreats start with an email. In the current working conditions, this is more true than ever – with a recent study reporting a 30,000% increase in phishing, websites and malware targeting remote users.
Many email security tools struggle to detect threats they encounter for the first time. Attackers know this and are leveraging many techniques to take advantage of this fundamental flaw. This includes automation to mutate common threat variants, resulting in a massive increase in unknown threats. Another technique, which will be the focus of this article, is the rapid and widespread creation of new domains in order to evade reputation checks and signature-based detection.
The recent surge in domain creation
While traditional tools have to rely on identifying campaigns and patterns across multiple emails to establish whether or not an email is malicious, cyber AI technology doesn’t require classifying emails into buckets in order to know they don’t belong. There is no need, therefore, to actively track campaigns. But as security researchers, it’s hard to miss some trends.
Since the Coronavirus outbreak, we have seen the number of domains registered related to COVID-19 increase by 130,000. In this time, 60% of all spear phishing threats neutralised by Antigena Email were related to COVID-19 or remote work.
Another recent study determined that 10,000 Coronavirus-related domains are created every day, with roughly 10 of these either malicious or attempting to generate sales of fake products.
With attackers also taking advantage of changing online behaviours arising from the pandemic, another trend we’ve seen is the proliferation of the keyword ‘Zoom’ in some of the unpopular domains that bypassed traditional tools, as attackers leverage the video conferencing platform’s recent rise in usage.
www.intelligentciso.com | Issue 26