Traditionally, cybercriminals have employed email spoofing and display name deception to deceive employees. However, recent Agari research indicates that targeted email attacks that exploit account takeovers (ATO) have seen a 126% increase month-over-month in early 2018 alone.
ATO-based email attacks are increasing
"Prior to 2017, concerns over ATO-based email attacks were virtually non-existent", a recent Agari whitepaper notes. Nevertheless, a recent Osterman survey found that 44% of organisations have experienced targeted email attacks launched via a compromised account.
In effect, an ATO-based email attack aims to gain unauthorised access to a trusted email account. Cybercriminals then utilise this in order to "launch subsequent email attacks for financial gain or to execute a data breach."
Traditional security controls cannot detect these attacks as they originate from the email accounts of trusted senders. As a result, launching a targeted attack from an account such as this increases the likelihood that it will succeed due to "pre-existing trust relationships."
ATO-based email attacks therefore rely on leveraging a compromised account or endpoint as a "launchpad" for a targeted email attack. A business email compromise is particularly common and it can have devastating effects.
How can companies defend against these attacks?
Attackers are becoming increasingly sophisticated at compromising specific employees to target entire organisations. As a result, the "effectiveness of ATO-based email attacks" and the financial losses associated with these attacks are on the rise.
It is therefore essential that companies consider ATO-based email attack protection. By adding an extra layer of email security and integrating machine learning (ML) models, enterprises can benefit from the ability to detect attacks originating from all four compromised account types.
A next generation solution that integrates ML models is able to identify three key components of a potentially malicious email. As a result, the solution can easily detect threats through identity mapping, behavioural analytics, and finally trust modelling.
Agari Advanced Threat Protection leverages the Agari Identity Graph, an advanced artificial intelligence and machine learning system. This ingests more than two trillion emails per year in order to detect threats effectively.
Over the next year, Agari predicts that attackers will be "highly motivated to increase their attack rate" due to the effectiveness of ATO and the subsequent lack of protections. As the number of ATO-based email attacks increases, it is vital that companies implement robust protection.