Detector that stops lateral phishing attacks


To alleviate this growing problem of email scams, computer scientists have developed a prototype of a machine-learning based detector that automatically detects and stops lateral phishing attacks.

Whereas in the past attackers would send phishing scams from email accounts external to an organization, recently there's been an explosion of email-borne scams in which attackers compromise email accounts within organizations and then use those accounts to send internal phishing emails to fellow employees, a kind of attack known as lateral phishing.

And when a phishing email comes from an internal account, the vast majority of email security systems can't stop it. Existing security systems largely detect cyberattacks that come from the outside, relying on signals like IP and domain reputation, which are ineffective when the email comes from an internal source. Lateral phishing attacks are also costly. FBI data show, for instance, that these cyberattacks caused more than $12 billion in losses between 2013 and 2018. And in the last two years, the attacks have resulted in an increase of 136 percent in losses.

To alleviate this growing problem, Data Science Institute member Asaf Cidon helped develop a prototype of a machine-learning based detector that automatically detects and stops lateral phishing attacks.

The detector uses several features to stop attacks: whether the recipient deviates from someone an employee would usually communicate with; whether the email's text is similar to other known phishing attacks; and whether the link is anomalous. The detector can detect the vast majority of these attacks with a high precision rate and a low false positive rate: under four false positives for every one million employee-sent emails.
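The three signals described above can be sketched as follows. This is an added illustration, not the researchers' detector or code: the sample mail, the lure vocabulary, the thresholds and the simple rule standing in for the machine-learning classifier are all assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample history of employee-sent mail: (sender, recipients, body).
HISTORY = [
    ("alice@corp.example", ["bob@corp.example"], "Notes at https://wiki.corp.example/q3"),
    ("alice@corp.example", ["bob@corp.example", "carol@corp.example"], "Slides: https://wiki.corp.example/deck"),
    ("bob@corp.example", ["alice@corp.example"], "Build log https://ci.corp.example/1234"),
]
# Assumed lure vocabulary; a real system would learn this from labelled phishing mail.
PHISH_TERMS = {"verify", "account", "password", "suspended", "urgent", "login", "expired"}

def link_domains(body):
    """Hostnames of every http(s) link in the body ('' if a link has none)."""
    return [urlparse(u).hostname or "" for u in re.findall(r"https?://[^\s\"'<>]+", body)]

def build_baseline(history):
    """Per-sender sets of past recipients and org-wide counts of linked domains."""
    contacts, domains = {}, Counter()
    for sender, rcpts, body in history:
        contacts.setdefault(sender, set()).update(rcpts)
        domains.update(link_domains(body))
    return contacts, domains

def features(sender, rcpts, body, contacts, domains):
    known = contacts.get(sender, set())
    # 1. Recipient deviation: share of recipients this sender has never mailed.
    new_rcpt = sum(r not in known for r in rcpts) / len(rcpts) if rcpts else 0.0
    # 2. Text similarity: share of the lure vocabulary that appears in the body.
    words = set(re.findall(r"[a-z]+", body.lower()))
    lure = len(words & PHISH_TERMS) / len(PHISH_TERMS)
    # 3. Link anomaly: a link to a domain never seen in the organisation's mail.
    rare = any(domains[d] == 0 for d in link_domains(body))
    return {"new_recipient_ratio": new_rcpt, "lure_overlap": lure, "rare_link": rare}

def is_suspicious(f, rcpt_thr=0.5, lure_thr=0.25):
    # Assumed rule (stand-in for a trained classifier): an unseen link domain
    # plus at least one other signal, which keeps false positives down.
    return f["rare_link"] and (f["new_recipient_ratio"] >= rcpt_thr
                               or f["lure_overlap"] >= lure_thr)

if __name__ == "__main__":
    contacts, domains = build_baseline(HISTORY)
    f = features("alice@corp.example", ["dave@corp.example", "bob@corp.example"],
                 "Urgent: verify your password at http://corp-sso.example.net/login",
                 contacts, domains)
    print(f, is_suspicious(f))
```

Requiring the link signal together with a second signal reflects the false-positive concern the article raises: an employee mailing a new colleague, or mentioning a password, is routine on its own.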

Cidon was part of a research team that analyzed a dataset of 113 million employee-sent emails from nearly 100 businesses. They also characterized 147 lateral phishing incidents, each of which involved at least one phishing email. The study was conducted jointly with Barracuda Networks, a network security company that provided data on its customers to the researchers with the goal of developing a detector for lateral phishing.


Story Source: Materials provided by Data Science Institute at Columbia. Original written by Robert Florida. Note: Content may be edited for style and length.

