Phishing attacks typically aim to deceive employees into clicking malicious links or attachments in an email, with the ultimate aim of harvesting credentials or deploying malware into an organization.

These attacks are becoming increasingly well-crafted and customized to the recipient, with malicious payloads often concealed behind plausible links and disguised buttons.

Antigena Email: Learning the pattern of life

Without relying on knowledge of previously identified threats, Antigena Email analyzes links and attachments in connection with all email communication across the business. In cases of phishing, Antigena will recognize that neither the recipient nor anyone in their peer group has visited the suspect domain before.

The technology also analyzes where the potentially malicious payload is located within an email, noting for instance if it is disguised behind various buttons designed to look like trusted sites.

Blog: AI catches phishing attack disguised as Microsoft Teams notification

Once email account credentials are compromised – either through a successful phishing attack or a wide scale data breach – an attacker’s options are endless.

In many cases, attackers will pillage your inbox for the valuable data it contains: customer lists, pricing documents, and even roadmap and IP details are often just a few searches away. In other cases, criminals will use the account as a launching point for the next stages of an attack.

Complete SaaS coverage with Cyber AI

In addition to the AI-powered phishing protection provided by Antigena Email, Darktrace’s Microsoft 365 Module identifies misuse and account takeover across SaaS applications like Exchange and Microsoft Teams, delivering unprecedented visibility and protection with a dedicated SaaS console.

Blog: How Darktrace caught an email takeover that was missed by other tools

Posing as a trusted contact can help attackers elicit a response and quickly gain a foothold in an organization – whether to wire a fraudulent payment or coax an employee into sharing sensitive information.

These attacks typically come in the form of ‘clean’ emails, with no malicious links or payloads, which makes them even harder to detect. The goal is often to take the conversation offline and bypass traditional security measures.

Antigena Email: A self-learning AI approach

Darktrace learns ‘normal’ communication between every sender and recipient, and catches anomalous behavior as soon as it occurs. Even with ‘clean’ emails, the AI recognizes visually similar email domains and solicitation attempts in the body of the email.

Blog: The advanced email spoofing attacks of hackers-for-hire group Dark Basin

By hijacking the account details of a trusted contact in your supply chain, sophisticated threat actors can gain the trust of a recipient and coax them into clicking a malicious link or transferring millions out of the business. Legacy email defenses assume trust, which means that sophisticated account takeovers often go completely unnoticed.

Antigena Email: Telling friend from foe

Analyzing patterns of communication across inbound, outbound, and lateral mail, Antigena Email uses a wide range of metrics to confidently identify cases of account takeover. The AI will then action an autonomous response, which according to the severity of the threat can range from locking suspicious links and attachments to withdrawing an email from an employee’s inbox entirely.

Blog: Fake Siemens invoice costs academic institution $60,000