Email security is a critical component of cybersecurity, as email remains one of the primary communication tools for businesses. However, it is also a major target for cybercriminals, who exploit various vulnerabilities to compromise sensitive information. Common email threats include phishing, business email compromise, and malware attacks, each posing significant risks to organizations. As email threats evolve, it is essential for businesses to adopt effective security best practices and promote security awareness among employees. This article will explore the types of email security threats, their implications, and strategies for safeguarding against these risks in today’s digital landscape.

Social Engineering

Social engineering is a tactic used in various cyber-attacks, where attackers manipulate individuals into giving up sensitive information or access. The goal is often to gain unauthorized access to systems, finances, or data. This approach relies on psychological manipulation and exploits human trust.

Key points:

• Social engineering aims to exploit human error to gain access or information

• Common in attacks targeting finances or sensitive company data

• Tactics include impersonation, creating urgency, and building trust

• Requires strong security awareness and security best practices to combat

In 2023, Darktrace researchers observed a 135% rise in ‘novel social engineering attacks’ across Darktrace / EMAIL customers, corresponding with the widespread adoption of ChatGPT.

How are organizations defending against social engineering?

Organizations are implementing various defensive measures, including enhancing security education and setting up multi-factor authentication (MFA) to combat social engineering. While MFA improves security, it can still be bypassed by hackers. Additionally, security awareness training programs often show mixed results. As a result, many organizations are now looking to artificial intelligence to help prevent cyber-attacks that use social engineering tactics.

Traditional email defenses struggle to keep up with modern social engineering threats because they depend on threat intelligence and "deny-lists" of known bad email domains and IP addresses. However, attackers can easily create new domains for very little cost and frequently update their infrastructure, making this method ineffective.

Stopping social engineering with Darktrace

Darktrace’s unique approach to cybersecurity stops these attacks. Self-Learning AI learns the who, what, when, and where of every email user’s communication patterns. This evolving and multi-dimensional understanding allows the AI to spot subtle signs of a social engineering attack, regardless of whether it is known or novel and regardless of the tactics in place.  

Read our blog, “Understanding The Threat of Social Engineering” to find out more.

Phishing

Phishing is the most common email security threat, where attackers impersonate trusted entities to extract sensitive information.

Key points:

• Attackers pose as legitimate entities to steal information like passwords or credit card details

• Types include:

• Spear phishing (targeted attacks)

• Whaling (targeting high-level executives)

• Important to implement security best practices and train staff on recognizing phishing attempts

• Raising security awareness minimizes the risk of disclosing sensitive information

How to stop phishing attacks?

Traditional security solutions which rely heavily on previously identified malicious emails and known bad senders are struggling to identify and defend against these novel and increasingly sophisticated email threats.

But by using AI that learns the unique digital environment and patterns of each business, Darktrace / EMAIL can recognize the subtle deviations in expected email activity to determine whether any given email could represent a threat to the business. It is then able to make highly accurate decisions to mitigate and neutralize any email attack it faces, helping to keep your organization safe from cyber disruption.

In its End of Year Threat Report, Darktrace analyzed over 10 million phishing emails targeting customer environments between September 1 and December 31, 2023.

Read our blog “How Phishing Attacks Are Becoming Harder to Identify” to learn more about phishing.

Malware

Malware is malicious software that spreads via email, often tricking recipients into opening infected attachments or links.

Key points:

• Malware can include viruses, trojans, and ransomware

• Ransomware encrypts files, demanding a ransom for decryption

• The goal is to disrupt operations, steal data, or extort money

• Critical to maintain security awareness to avoid downloading malicious content

What you need to know about malware

Emerging threats in the cybersecurity landscape are increasingly characterized by the use of Malware-as-a-Service (MaaS) tools. Darktrace has observed that many prevalent threats leverage these MaaS offerings, driven by their subscription-based income model, low barriers to entry, and high demand. This ecosystem enables even inexperienced attackers to execute potentially disruptive attacks, regardless of their technical skills.

Recent analyses show that several notable threats, such as Mirai, AsyncRAT, Emotet, and NjRAT, have re-emerged in the past six months. While some MaaS strains adapt their tactics and techniques, many others remain unchanged and continue to achieve success in breaching defenses. This persistence highlights a significant gap in the capabilities of some security teams and organizations to effectively defend against these evolving threats.

To learn more about the current threat landscape download the Darktrace Half Year Threat Report 2024 here!

Man-in-the-Middle Attacks

In a man-in-the-middle (MitM) attack, cybercriminals intercept and alter communications between parties, often leading to serious consequences.

Key points:

• Attackers modify email communications unnoticed

• Can lead to:

• Introduction of malware

• Loss of sensitive information

• Poor decision-making due to manipulated communications

• Protect against MitM with encryption and secure email gateways

Business Email Compromise (BEC)

Business Email Compromise (BEC) is a targeted attack that exploits trust to steal money or data by hacking or spoofing a trusted email account.

Key points:

• Attackers hack or spoof a trusted email account

• Common tactics include creating a false sense of urgency and impersonation

• Often aims to steal sensitive data or initiate unauthorized financial transactions

• Mitigating BEC requires security awareness and recognition of unusual email behavior

The rise of generative AI tools enhances this risk, particularly for Business Email Compromise (BEC). These tools allow attackers to create and execute social engineering and phishing campaigns more quickly, on a larger scale, and with greater sophistication than ever before.

Large Language Models (LLMs) like ChatGPT can create convincing emails that seem legitimate. For instance, generative AI can send fake invoices from vendors linked to well-known projects. These emails are harder to spot because AI can:

• Avoid spelling and grammar mistakes

• Generate multiple variations of the message

• Translate text that reads well in different languages

• Use more precise targeting tactics  

Learn more about AI-led BEC threats, how these threats extend beyond the inbox, and how organizations can adopt defensive AI to outpace attacker innovation in the white paper “Beyond the Inbox: A Guide to Preventing Business Email Compromise.”

Zero-Day Attacks

Zero-day attacks exploit previously unknown vulnerabilities in software, leaving organizations little time to react.

Key points:

• Target unpatched or undiscovered software vulnerabilities

• These attacks are fast and unpredictable

• Real-world example: The 2020 SolarWinds breach

• Organizations need proactive security measures and quick response capabilities

Darktrace is uniquely positioned to detect zero-day attacks because it does not rely on a constant stream of threat data to detect threats. Darktrace uses a unique understanding of your digital environment to detect malicious activity as it happens in real-time. This means threats like BEC, novel ransomware, account compromise, and insider threats that have legitimate access are detected.

AI-Generated Attacks

Cybercriminals now use artificial intelligence to craft more sophisticated and harder-to-detect email attacks.

Key points:

• AI generates personalized phishing emails, mimicking trusted colleagues

• Attacks are fast and difficult to detect

• Requires advanced types of email security to counter these threats

According to insights from Darktrace, organizations feeling the impact of AI-powered cyber threats

• 74% say these threats are now a major issue.

• 89% believe AI-powered threats will continue to be a challenge for the foreseeable future.

However, only 56% see AI-powered threats as distinct from traditional ones, likely due to the difficulty in identifying if an attack is AI-driven. While pinpointing the use of AI may be tough, AI can influence every stage of an attack. Defenders must prepare for faster, more unique threats.

Read more about how AI is impacting the cyber threat landscape on our blog “The State of AI in Cybersecurity: How AI will impact the cyber threat landscape in 2024”

Darktrace has developed a fundamentally different approach to email security, one that doesn’t learn what’s dangerous from historical data but forms an in-depth understanding of each organization and its users.

Darktrace / EMAIL focuses on individuals - how each person uses their inbox and what constitutes “normal” for each user - in order to detect what’s not normal. Our AI technology builds profiles for every email user, including their relationships, tone and sentiment, content and link sharing patterns, and thousands of other signals.

Because Darktrace understands the human behind email communications rather than knowledge of past attacks, it can stop the most sophisticated and evolving email security risks like generative AI attacks, BEC, account takeover, supply chain attacks, data loss, and ransomware.  

To learn more about Darktrace / EMAIL read our Solution Brief.