North American Private Equity Firm Stops HR-Spoofing Cyber-Attack with Darktrace AI
Attackers Used Fake Microsoft Branding and Company Research to Pose as Employees in Targeted Phishing Campaign
Darktrace, a global leader in cyber security AI, today announced that its AI-powered email security solution, Antigena Email, recently uncovered a targeted phishing attack at a North American private equity firm which specializes in the food and beverage sector.
The company, which manages over 150 restaurants across the US, was trialling Darktrace’s Self-Learning AI when the attack took place. Intending to bolster email security, the company had deployed Darktrace’s email security solution, Antigena Email, which had learned the ‘normal’ email communications of every user within the organization in order to detect the abnormalities associated with an email threat.
The attack, which slipped past the company’s existing security controls, started when an employee received an email appearing to originate from internal ‘HR’. The email had been carefully designed to look like a SharePoint Microsoft document and was titled ‘Q3 Commission 2021 and Agenda’, an attempt to induce the recipient into clicking on a malicious link.
Detecting that the IP address of the email was unusual, Darktrace AI identified this as spoofing activity and further investigation suggested it was part of a wider trend of targeted phishing campaigns at the time which used fake Microsoft branding. These attacks are often launched with the intention of causing operational disruption or conducting IP and financial theft.
The company’s security team were alerted and issued company-wide warnings about the attack, averting a crisis. Had Antigena Email been deployed in fully autonomous mode, it would have double-locked the malicious links to ensure they were not clickable.
“Email impersonation attacks have been on the rise for a number of years – these are hyperrealistic ‘digital fakes’ that expertly mimic the writing style of trusted contacts, colleagues, and suppliers,” commented Mike Beck, Darktrace’s Global CISO. “We simply cannot put the onus on humans to spot these well-researched, targeted email attacks and that’s why it is crucial that organizations have AI in place as a first line of defense – capable of detecting the subtle signs of a fake and intervening before a user even has to engage with the email. This is the future of email security.”
Darktrace (DARK.L), a global leader in cyber security AI, delivers world-class technology that protects over 6,800 customers worldwide from advanced threats, including ransomware and cloud and SaaS attacks. Darktrace’s fundamentally different approach applies Self-Learning AI to enable machines to understand the business in order to autonomously defend it. Headquartered in Cambridge, UK, the company has more than 2,000 employees worldwide. Darktrace was named one of TIME magazine’s ‘Most Influential Companies’ for 2021.