Email security

Thread hijacking intrusion thwarted by Darktrace


Hackread reports that a thread hijacking attack against a major company in early August was averted in real time by Darktrace's artificial intelligence technology.

The intrusion involved threat actors compromising a software-as-a-service user's email account to identify potentially exploitable conversations where they could deliver an email purporting to be a reply to a message about tax and payment details. They then established a new mailbox rule that would forward messages to an archive folder to conceal malicious activity. "This evasion technique is typically used to move any malicious emails or responses to a rarely opened folder, ensuring that the genuine account holder does not see replies to phishing emails or other malicious messages sent by attackers," said Darktrace, which was able to prevent attack escalation by deactivating the impacted user while providing a threat notification to the firm's SOC team and the customer to advance investigations into the incident.
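The rule-creation step described above can be looked for in mailbox audit data. The sketch below is an added example, not code from Darktrace, Hackread or SC Media; the event schema, field names, folder list and one-hour window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Folder names treated as rarely opened; an assumption to tune per tenant.
QUIET_FOLDERS = {"archive", "rss feeds", "conversation history", "junk email"}
WINDOW = timedelta(hours=1)  # assumed correlation window

# Constructed audit events in a hypothetical, normalized schema.
EVENTS = [
    {"ts": "2024-08-05T09:02:11", "user": "a.lee", "op": "thread_reply",
     "subject": "RE: Tax and payment details"},
    {"ts": "2024-08-05T09:06:40", "user": "a.lee", "op": "rule_create",
     "rule": "Cleanup", "action": "move", "target": "Archive", "conditions": []},
    {"ts": "2024-08-05T10:15:00", "user": "b.cho", "op": "rule_create",
     "rule": "Newsletters", "action": "move", "target": "Reading",
     "conditions": ["from:news@example.com"]},
    {"ts": "2024-08-05T11:30:00", "user": "c.diaz", "op": "rule_create",
     "rule": "Tidy", "action": "move", "target": "Archive",
     "conditions": ["subject:build report"]},
]

def detect_hiding_rules(events):
    """Return alerts for new rules that route mail to a low-visibility folder."""
    last_reply = {}  # user -> time of that user's most recent thread reply
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        if ev["op"] == "thread_reply":
            last_reply[ev["user"]] = ts
            continue
        if ev["op"] != "rule_create" or ev["action"] not in ("move", "forward"):
            continue
        if ev["target"].strip().lower() not in QUIET_FOLDERS:
            continue
        reasons = [f"{ev['action']} to '{ev['target']}'"]
        if not ev["conditions"]:
            reasons.append("no conditions, so the rule matches all mail")
        replied = last_reply.get(ev["user"])
        if replied is not None and ts - replied <= WINDOW:
            reasons.append("created soon after a reply in an existing thread")
        # One signal is common housekeeping; all three match the reported pattern.
        severity = {1: "low", 2: "medium", 3: "high"}[len(reasons)]
        alerts.append({"user": ev["user"], "rule": ev["rule"],
                       "severity": severity, "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect_hiding_rules(EVENTS):
        print(alert)
```

Grading by the number of matching signals keeps ordinary archive rules at low severity while the reply-then-hide sequence is raised for review.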
