The recent phishing fiasco involving Hillary Clinton campaign chairman John Podesta hoodwinked even the IT staff of the campaign. It goes to show how vulnerable traditional security systems can be to advanced attacks. This interview tackles some of the current developments in email fraud prevention and related topics.
Sramana Mitra: Let’s start by introducing our audience to yourself as well as your company.
Markus Jakobsson: I am the Chief Scientist at Agari. Agari is a company that addresses email-based threats. The threats are things like cyber attacks that have been mounted over the last few years and have intensified. John Podesta’s suffering is one example. Business email compromise attacks are another one. A third one is ransomware. That’s the spectrum of attacks that Agari addresses.
Agari protects about 10 billion emails a day. It has two types of customers. There are the customers who want to preserve and protect their brand name to prevent attackers from using their addresses and names. The other product is to protect organizations from being attacked. For example, getting emails from the CEO to the CFO asking for information or fund transfers.
This is a trend that the FBI and the IC3 have followed over the last few years. Between 2013 and 2014, that type of abuse increased by 270%. People are shocked because that’s a huge transformative type of change in terms of security. Then the next year and a half, it increased by 1,300%. We see this dramatic increase of the threat.
There are two main reasons. One is psychological threat. It makes it appear to recipients that they are dealing with somebody they trust and have a working relationship with. That person is asking for guidance or information. Traditional filters don’t work. For example, the traditional spam filter would look for keywords like Viagra. They would look for tremendous volumes like one account sending a million emails in one day. That would be an indication that this is an account that is used for spam.
That is not what’s happening in these attacks. They are very low-volume and targeted. What traditional phishing filters do is look for URLs that have sudden spikes. For example, if there’s one URL that is sent 100,000 times in a day, that is cause for concern. That may be a phishing URL. Again, that is not what these attacks are about. They are low-volume. They don’t reuse things and they customize content. That means that many old school filters simply don’t work.
That leaves these attackers with vulnerable victims who have vulnerable infrastructure. This is exactly what Agari is addressing. We have filters that don’t do it the traditional way. We don’t chase the evil. We instead identify the good. Our technology learns what is a good email and then learns to recognize it and single it out. Anything that departs from that is given extra scrutiny. That’s how we detect these types of attacks. That is a little bit about the company.