Since the outbreak of the COVID-19 pandemic forced many businesses around the Middle East to close their offices and abruptly transition to remote working, email phishing attacks have increased both in number and sophistication. This concerning new trend has put the topic of email security as a top priority for many businesses in the region.
According to Mimecast, a provider of cloud cybersecurity services for email, employees now click on three times as many malicious emails as they did before the term “social distancing” entered our collective lexicon.
Determined to better protect its customers against this growing threat, Mimecast has just launched a new artificial intelligence (AI)-enabled tool for email security, called CyberGraph. The tool promises to keep email phishing attacks at bay using machine learning algorithms capable of detecting anomalous behaviors that could be indicative of a malicious email.
“CyberGraph leverages our AI and machine learning technologies to help keep employees one step ahead with real-time warnings, directly at the point of risk,” explains Josh Douglas, threat intelligence lead at Mimecast. “Phishing and impersonation attacks are getting more sophisticated, personalized, and harder to stop. If not prevented, these attacks can have devastating results for an enterprise organization. Security controls need to be constantly updated and improved to outsmart threat actors,” he added.
Whenever CyberGraph determines an email message to be malicious, it displays a color-coded contextual warning banner to warn the user and encourage them to take the right action, such as mark the email as spam.
In addition to its ability to distinguish malicious email messages from legitimate ones, CyberGraph can also disarm trackers embedded in emails to keep unauthorized third parties from getting their hands on information that could be used to orchestrate highly targeted phishing attacks.
Like other cybersecurity solutions powered by machine learning algorithms, CyberGraph’s effectiveness will keep improving over time as more users adopt it to protect their inboxes.
LastPass Has Revealed Yet Another Security Breach
It’s been revealed that the popular password manager was hacked using intel gained from a previous August 2022 attack.
The CEO of LastPass, Karim Toubba, has revealed that the leading password manager has suffered another serious data breach. Toubba said that LastPass engineers detected unusual activity from a third-party cloud storage service in August 2022 — a service shared with parent company GoTo, which readers may remember by its former name of LogMeIn.
Security firm Mandiant was hired to investigate the suspicious incident, and together, they uncovered that the unauthorized person(s) gained access to LastPass cloud services using information obtained from a previous security breach in August of this year. The latest incident is thought to be rather serious, giving the criminal party access to “certain elements” of customer information.
When the password manager’s systems were breached back in August, Toubba says that after an investigation, the unauthorized party was found to have had internal access to LastPass systems for four days. The hacker was able to steal source code and some technical information, but security engineers said customer data and password vaults remained safe.
In a separate but related announcement, parent company GoTo has admitted that hackers gained entry into its own development environment of remote work tools. Echoing the statement from LastPass, GoTo has assured customers that its services are functioning fine despite the data breach. Both LastPass and its parent company are still investigating the scope of the incidents, and we’ll likely hear more details over the coming months.