TMCnet News
Account Takeover Based Attacks More Than Double with 44% of Businesses Falling VictimAgari, a leading cybersecurity company, today announced the publication of "Protecting Against Account Takeover Based Email Attacks," which observed account takeover-based email attacks more than double month-over-month. Attacks launched from compromised accounts evade traditional detection because they come from a previously-established credible sender. Agari Enterprise Protect is now the first solution to detect ATO-based attacks by enhancing the advanced threat modeling of Agari Identity IntelligenceTM (AI2). "Based on a survey of 140 organizations with an average of over 16,821 email users, 44% of businesses were victims of an email attack using a compromised account in the past 12 months," said Michael Osterman, President, Osterman Research. "Account takeover attacks should be considered a very serious risk because they target the highest levels of leadership, but are extremely difficult to detect." Recently, Osterman Research found that targeted email attacks launched via a compromised account were the most successful email attack vector in the past 12 months. ATO-based attacks evade traditional email security solutions, such as secure email gateways (SEGs), because they are sent from established email accounts - no domain name spoofing or display name deception is required. Previously, Agari research has demonstrated that SEGs are unable to detect business email compromise (BEC) because there is no malicious payload involved. Consequently, ATO-based BEC attacks present a very high risk to organizations because no security controls can detect them. Key findings from "Protecting Against Account Takeover (ATO) Based Email Attacks" include:
Agari Delivers Industry-first ATO-based Attack Detection, Prevention and Forensics Agari Enterprise Protect leverages Agari Identity IntelligenceTM (AI2), an advanced artificial intelligence and machine learning system that ingests data telemetry from more than two trillion emails per year to model email senders' and recipients' identity characteristics, behavioral norms, and personal, organizational, and industry-level relationships. Agari takes a unique approach of modeling the good -- which is what authentic, trustworthy communications look and act like -- using machine learning to identify attempts to trick people into trusting something they should not. With this new release, Agari enhances Agari Identity IntelligenceTM (AI2) machine learning algorithms to model the behavior of compromised accounts used to launch targeted email attacks. When a message is received it is subjected to the following phases of analysis and scoring: 1. Identity Mapping - Determines the perceived identity of the sender, mapping the sender to a previously-established sender/organization or a broader classification. 2. Behavioral Analytics - Given the derived identity, the message is evaluated for anomalies relative to the expected sender behavior such as whether the sender has ever interacted with the recipient, whether the content or structure of the message sent by the sender is expected, or whether the frequency and timing of when the message sent is normal. Any anomalies are obviously perceived to be suspicious. 3. Trust Modeling - Determines if communication from the sender is expected by the recipient. The closer the relationship, the less tolerance for anomalous behavior because of the greater impact of the attack. Ultimately the system models interaction - how often the sender/recipient interact or if the responsiveness and timing of responsiveness between the two are normal. 4. Identity Intelligence Scoring - The Identity Intelligence Score of a message is a combination of the features and indicators of the three phases that determines whether the attack is indeed originating from a Account Takeover-based compromised account. To support this modeling, Agari leverages a cloud-native architecture to drive over 300 million daily model updates, allowing the system to maintain a real-time understanding of this type of email behavioral pattern. "Agari Identity Intelligence is the core of the next generation of Advanced Threat Protection for email. It takes a new approach to detecting the modern, sophisticated, identity-based attack," said Khatod. "Leveraging global telemetry sources, unique algorithms, and a real-time scoring pipeline, the system continuously models email sending and receiving behaviors across the Internet and detects the new attacks of today and the even more sophisticated ones we expect to see in the future." For additional information about Agari Enterprise Protect visit: https://www.agari.com/account-takeover/?utm_source=press-release&utm_medium=press-release&utm_campaign=ato-attack-page&utm_term=ato-attack-page&utm_gen=utmdc To download "Protecting Against Account Takeover (ATO) Based Email Attacks" visit: https://www.agari.com/wp-content/uploads/2018/04/Agari-Protecting-Against-ATO-Attacks_2018.pdf?utm_source=press-release&utm_medium=press-release&utm_campaign=ato-report&utm_term=ato-report&utm_gen=utmdc About Agari Agari, a leading cybersecurity company, is trusted by leading Fortune 1000 companies to protect their enterprise, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry's only solution that 'understands' the true sender of emails, leveraging the company's proprietary, global email telemetry network and patent-pending, predictive Agari Identity IntelligenceTM (AI2)to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner (News - Alert) Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at http://www.agari.com and follow us on Twitter (News - Alert) @AgariInc.
View source version on businesswire.com: https://www.businesswire.com/news/home/20180412005374/en/ |