Email Threats
Supply Chain Attacks
Today’s businesses rely on hundreds of interactions with suppliers and partners at every digital layer.
An organization’s defense is only as strong as the weakest link in its supply chain. Attackers are increasingly using third parties to carry out attacks.
13% of businesses review the risks posed by their immediate suppliers
Cyber Security Breaches Survey 2022
62% of cyber attacks exploited the trust of customers in their supplier
ENISA Threat Landscape for Supply Chain Attacks 2021
$4.9M average cost of a successful phishing attack
IBM 2022 Cost of Data Breach Report
Attacking through the inbox
Email is the number one way that companies communicate with one another, and a compromised supplier poses a serious risk.
Attackers can hijack the communications chain to send phishing emails or invoices from trusted supplier accounts.
Because attackers have hijacked legitimate accounts, their emails bypass gateways and other static email defenses.
How a supply chain attack might unfold
Read the blog: Supply Chain Fraud
1. Third-party supplier account compromised through successful phishing attack or ‘data-dump’ on Dark Web
2. Attacker poses as third-party and sends fake invoice with new bank details
3. Legacy email security marks as safe due to lack of links or malicious attachments
4. Attacker poses as third-party and sends fake invoice with new bank details
1. Third-party supplier account compromised through successful phishing attack or ‘data-dump’ on Dark Web
2. Third-party supplier account compromised through successful phishing attack or ‘data-dump’ on Dark Web
3. Attacker sends a targeted phish containing a login request, which bypasses security rules because it comes from a known account
4. Employee enters credentials and keystrokes are logged and sent back to attacker
5. Attacker uses employee account as springboard for next stages of the attack, culminating in significant data loss or ransomware
Block or allow: A recipe for disaster
Email security tools that rely on reputation checks and make binary decisions based on whether or not the sender is ‘trusted’ are ill-equipped to deal with supply chain attacks.
Email security in 2023 needs a different approach that isn’t stuck in the past.
Darktrace/Email learns every interaction. Every email. Every account.
Darktrace uses AI to learn what normal communication looks like for every email user, in order to spot the subtle signs of anomalous emails sent with malicious intent, no matter who has sent them.
If an email poses a threat, Darktrace/Email takes autonomous action to hold it from the inbox or neutralize the risky element.
A hypothetical supply chain attack – with Darktrace
1. Third-party supplier account compromised through successful phishing attack or ‘data-dump’ on Dark Web
2. Attacker poses as third-party and sends email containing a fraudulent invoice or unusual link
3. Darktrace/Email pieces together subtle signs of attack, including: out of character, suspicious link, attempted solicitation
4. Risk is neutralized with targeted action that causes minimum disruption to the business
13 days
Darktrace analysis reveals that other email security solutions, including native, cloud and ‘static AI’ tools, take an average of 13 days from an attack being launched on a victim to that attack being detected. Darktrace’s approach means those attacks are neutralized instantly.
Business uninterrupted
Don’t let the fear of attacks slow your business down. Because it assesses each email for individual risk, Darktrace/Email allows legitimate communication between organization and supplier to flow uninterrupted.
Get the full picture
Supply chain attacks often start but rarely end in the inbox.
Findings from Darktrace/Email are automatically fed into Cyber AI Analyst, which pieces together disparate events from across the digital environment to reveal the full scope of a security incident – presenting a clear and understandable summary.
Discover AI Analyst
Fully integrated
Brings security to your email wherever it lives.
- Deploys via API or Journaling
- No MX Changes Required
- Supports multi-tenant and hybrid environments
- Native install with Google & Microsoft 365