Mimecast Miss Leads to Email Attack

What happened when a Mimecast miss led to a wide-scale email compromise? This video explains how an email attack on an Australian logistics company evaded traditional email security tools, but was detected by Darktrace’s Artificial Intelligence.

Darktrace is a world leader in Autonomous Cyber AI, having created the first, at-scale deployment of artificial intelligence for the enterprise. Developed by mathematicians, Darktrace uses self-learning AI algorithms to detect and neutralize cyber threats across diverse digital estates, including the cloud and networks, IoT and industrial control systems.

The company is headquartered in Cambridge, UK and has over 4,700 customers worldwide.

When a logistics company decided to trial Antigena Email, Darktrace immediately detected that the organization was under sustained attack. A cyber-criminal had hijacked the accounts of a number of the company's trusted suppliers and partners, and had used these accounts to send the company several tailored emails that slipped through the gateway.

Each contained the same subject line, ‘Request for Proposal’, followed by the company name. Antigena Email was in passive mode, so the attack was not shut down in its earliest stages, but we can see from these hold icons the action it would have taken.

Darktrace detected that fifteen of these emails were opened, and that one employee clicked on a malicious link which led them to a fake Microsoft login page and prompted them to enter their credentials. Three hours later, Darktrace detected an anomalous SaaS login from an IP address not seen across the business before.

It then detected that an anonymous sharing link was created for a password file. The following day, the attacker sent out further malicious emails from this account to trusted business associates using the same methodology as before, sending fake and targeted RFPs in an attempt to compromise more credentials.

Darktrace’s SaaS module identified this anomalous behavior, graphically revealing that the attacker sent out over 1,600 tailored emails over the course of just 25 minutes. The managed security service provider running this organization’s cloud security was completely unaware of this incident. However, with its Microsoft 365 SaaS module working alongside Antigena Email, Darktrace gave the security team full visibility of the account takeover.