Outsmarting e-mail hackers using AI, machine learning

Johannesburg, 17 Sep 2018
Read time 4min 10sec

E-mail hacking is a commonly used malicious tactic in our increasingly connected world. Cyber-criminals compromise e-mail accounts to enter the IT premises of an organisation and carry out attacks ranging from fraud and spying to information and identity theft. Without effective security measures to stop e-mail hacks, potential victims can suffer serious consequences.

E-mail hacking is prevalent across different industries

Attackers deploy e-mail hacking tactics against different sectors around the world. The cyber espionage group Fancy Bear, which specialises in politically motivated attacks, has reportedly targeted the re-election campaign of a US senator earlier this year, via credential phishing tactics. Fancy Bear has been garnering headlines since 2015 for targeting political organisations in the United States, Ukraine, France, Germany, Montenegro and Turkey.

The healthcare industry has become a popular target for cyber criminals the past few years, affecting facilities in Portland, Texas, Tennessee and New Jersey, among other places. These healthcare facilities suffered data breaches brought on by schemes that manipulated hacked e-mail accounts.

These attacks also affect the education sector. In May, the University at Buffalo (UB) released a statement reporting on an attack that compromised an unspecified number of e-mail accounts of university students, staff, faculty and alumni. In Asia, the National University of Singapore (NUS) has warned staff and students of phishing e-mails sent by hacked NUS accounts in July. The compromised e-mails contained malicious links leading to a Web site that tricks recipients into giving out their credentials.

Huge financial losses from e-mail hacks and spoofing

Alongside politics, sabotage, revenge and insider threat, financial gain is one of the more common motivations behind e-mail hacking incidents. To be successful at extracting money from victims, attackers can employ a variety of strategies like using keyloggers, phishing, and social engineering tactics.

Business e-mail compromise (BEC), or e-mail account compromise (EAC), is a notorious scheme that uses e-mail hacking for potentially huge payouts for attackers. The Federal Bureau of Investigation (FBI) has described BEC/EAC as "...scams that typically involve one or more fraudsters, who compromise legitimate business e-mail accounts through social engineering or computer intrusion techniques to conduct unauthorised transfers of funds". The total global losses due to BEC/EAC have reached US$12.5 billion this year, exceeding Trend Micro's prediction by over $3 billion.

What is notable about BEC/EAC is that, unlike e-mail-based ransomware and other malware-dependent attacks, its operators don't have to rely entirely on malicious components to defraud victims. Just a few weeks back, a man in Los Angeles was arrested for a BEC/EAC attack that gave his accomplices unauthorised access to the e-mails of an attorney involved in real estate settlements.The attackers then sent spoofed e-mails, tricking a purchaser in a real estate transaction into transferring $531 981 to an account of a woman, who, in turn, transferred $60 000 to a fraudulent account.

AI and machine learning for boosting e-mail security

E-mail hacking, a crucial process in BEC/EAC and other sophisticated schemes, is still a go-to tactic for cyber criminals because e-mail remains a common infection vector for high-risk threats. Since the platform is easily abused, cyber criminals are expected to continue utilising it in their schemes.

Security technologies with artificial intelligence (AI) can protect users from e-mail attacks. Trend Micro is constantly developing new machine learning (ML) algorithms to examine large volumes of data and to predict if unknown file types are malicious or not. Additionally, expert rules and machine learning can boost the effectiveness of security solutions to help detect and block not just malware-ridden attacks, but also deceptively straightforward scams like BEC/EAC.

Case in point: the Writing Style DNA technology expertly prevents e-mail impersonation by using AI to recognise the DNA of a user's writing style based on past e-mails, which it compares to suspected forgeries. A technology that works best against BEC/EAC scams involving compromised legitimate e-mail accounts, it verifies the legitimacy of the e-mail content's writing style through an ML model that contains the legitimate e-mail sender's writing characteristics.

Writing Style DNA, which is used by Trend Micro Cloud App Security (CAS) and ScanMail Suite for Microsoft Exchange (SMEX), also supplements existing BEC protection techniques that use Expert System and ML to analyse e-mail behaviour (for example, using a free e-mail service provider) and e-mail intention (for example, payment or urgency).

Along with smart security solutions, cyber security awareness and following best practices against e-mail threats can help close security gaps to thwart BEC/EAC scammers and other attackers that abuse e-mail.

Editorial contacts
Trend Micro Karina Brijlal (011) 012 3609
Login with