As far as cyberattacks go, spearphishing has over the years been elevated to an art. Cybercriminals have become extremely adept at crafting e-mail messages that can trick even the most savvy of end users into downloading malware capable of delivering a variety of payloads, including ransomware attacks such as WannaCry and Petya.
Barracuda Networks today announced it plans to employ science to combat those attacks via a Barracuda Sentinel cloud service based on an artificial intelligence (AI) engine that can identify and intercept various forms of spearphishing attacks before they reach an end user.
Asaf Cidon, vice president of content security services at Barracuda Networks, says Barracuda Sentinel uses machine learning algorithms to identify email messages that attempt to spoof a legitimate sender, based on a fraudulent domain or an anomalous communication. Once a message is identified, Barracuda Sentinel moves it into a quarantine folder for further inspection. At the same time, Barracuda Sentinel stores the attributes of that message to classify the spearphishing attack in a way that makes attacks using the same method easier to identify in the future.
Despite the volume of spearphishing attacks, Cidon says it turns out most of these attacks emanate from a few sources.
“There’s not a huge number of actors executing these attacks,” says Cidon.
Barracuda Sentinel applies an analytics application to trace spearphishing attacks back to their source. Barracuda Sentinel can’t do much to prevent such attacks from being launched. But it can make them much less cost-effective by reducing the number of malware-laden messages that are ever delivered to their intended victims.
Organizations can also use Barracuda Sentinel to apply Domain-based Message Authentication, Reporting & Conformance (DMARC) guidelines, monitoring email sent from their company domains to prevent unauthorized messages from being sent from them. Barracuda Sentinel also provides DMARC reports to identify instances where cybercriminals are hijacking domains and brands to launch cyberattacks by pretending to be, for example, a bank, hospital or school.
In addition, Cidon says, IT organizations can use Barracuda Sentinel as a tool for creating spearphishing attacks that could be used to train end users to better recognize these attacks. To facilitate that training, Cidon says, Barracuda Sentinel can also identify the individuals within the organization who are at the highest spearphishing risk based on their role or the number of spearphishing attacks being targeted against them.
The cost of launching a spearphishing campaign has dropped to virtually zero, so this style of attack is not going away any time soon. But the less effective those campaigns become over time, the more likely it becomes that cybercriminals will move on to other methods of attack that don’t involve exploiting the emotions of human beings, who today are clearly the weakest link in any IT security defense strategy.