On January 29, Trend Micro announced "Writing Style DNA", a new technology against business email compromise (BEC), and announced that "Trend Micro Cloud Security", a service for cloud applications equipped with the technology, will begin supporting Office 365 on February 15 (Japanese support is scheduled for the second half of 2019).
Writing Style DNA is a new technology that uses AI to analyze the writing habits of an email's author and prevent spoofed emails. From the emails (500-800) of people who are likely to be impersonated in BEC, such as executives and accounting managers, the AI learns about 7000 kinds of characteristics, such as the frequency of uppercase use, length of text, and use of blanks.
By checking received email against the results of that learning, spoofed email is detected, and the recipient and the administrator are alerted when a message is suspected of being BEC. This is said to prevent damage.
BEC has caused damage to multiple organizations in Japan and overseas, and the company's survey found that 39.4% of domestic corporate organizations have experience receiving emails intended to deceive them out of money or specific information.
Kentaro Miyazaki, Director of the Enterprise Solutions Department, Trend Micro Business Marketing Headquarters, pointed out: "BEC has two representative attack scenarios: one sends a fake remittance instruction email while impersonating an executive, and the other impersonates a business partner and sends a fake invoice."
As an example of the flow of BEC, he cited: 1) cyber criminals collect information on the target company, 2) the cyber criminals impersonate executives or business partners of the target company, and the company then sends money or information. Japanese BEC cases have already been confirmed.
The techniques used in the information gathering phase include phishing and keyloggers. In phishing, a phishing email is sent to a company that uses a cloud mail service, and a fake site steals the authentication information of the email account. With a keylogger, the target terminal is infected with the keylogger, which obtains the authentication information of the email account and internal information.
In the spoofed email transmission phase, there are two types of spoofing: one based on internal information and business partner information gathered through sufficient prior investigation, such as by taking over the person's email account, and one based on public information, with little effort spent on prior investigation.
In these spoofed emails, the sender's domain is often a look-alike of the legitimate domain, and the email subject uses wording that conveys urgency, such as "Please respond as soon as possible" and "urgent request".
In addition, the email text says that remittance processing is urgently needed and asks that it be carried out immediately, and the fraudulent email is sent in the name of a sender whose position carries influence within the organization.
As a countermeasure for BEC, Mr. Miyazaki states that "it is important to take both organizational measures and technical measures." As organizational measures, companies should put in place in-house policies for remittance processing, establish approval and processing procedures, establish procedures for handling changes to transfer destinations, and educate employees.
As technical measures, the company has already been providing technologies that are effective against BEC. For the information collection phase, its email and web security provide blocking of access to fraudulent sites as well as sandbox analysis of URLs and files and detection of fake login screens; against malicious programs and vulnerability attacks, it provides server and client endpoint protection, vulnerability countermeasures, internal network monitoring, and so on. For the spoofed email transmission phase, its email security includes sender domain authentication and detection of forged sender information and look-alike domains.
However, Mr. Miyazaki said, "The technology for the email transmission phase is not 100%. For example, with sender domain authentication, a spoofed email can still be sent if the look-alike domain itself is registered. Also, SNAP (Social Engineering Attack Protection), which makes a comprehensive judgment on multiple elements to detect suspicious emails, is applied to the gateway products, but it is difficult to deal with every case, such as when there is nothing suspicious in the sender information."
The company therefore developed Writing Style DNA as a technology to detect the spoofed emails that these technologies cannot handle. In the learning flow, features are first collected from the sent mail of the target account, the writing habits are learned, and a model is generated. He explained, "It learns the characteristics, not the text. When an email whose characteristics differ from the usual is received, an email with a warning is sent."
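The learning flow described above, sketched as an added example that is not Trend Micro's code or model: it profiles three of the habits the article names (uppercase frequency, text length, blank use) from an account's sent mail and reports which features of a received message deviate. The sample mails, the spread floor and the threshold are constructed assumptions.

```python
import statistics

# Constructed sent mail for one account (a real profile needs hundreds).
SENT_MAIL = [
    "Hi Sato,\n\nThe report is attached. Please check it by Friday.\n\nThanks,\nKen",
    "Hi Mori,\n\nThe meeting moved to 3 pm. See you in room B.\n\nThanks,\nKen",
    "Hi Abe,\n\nThe invoice looks fine. Please process it as usual.\n\nThanks,\nKen",
    "Hi Ito,\n\nThe draft is ready for review. Comments are welcome.\n\nThanks,\nKen",
    "Hi Ueda,\n\nThe budget was approved today. Please tell the team.\n\nThanks,\nKen",
]
# Constructed received mail: one in the usual style, one that is not.
USUAL = "Hi Kato,\n\nThe contract is signed. Please file it with legal.\n\nThanks,\nKen"
UNUSUAL = "URGENT REQUEST!!\nPLEASE SEND THE PAYMENT TODAY. Reply as soon as possible.\nKen"

def style_features(text: str) -> dict:
    """Measure style only (capitals, length, blanks), never the wording."""
    letters = [c for c in text if c.isalpha()]
    return {
        "uppercase_ratio": sum(c.isupper() for c in letters) / max(len(letters), 1),
        "length": float(len(text)),
        "blank_ratio": sum(c.isspace() for c in text) / max(len(text), 1),
    }

def build_profile(sent_mail: list, min_rel_spread: float = 0.25) -> dict:
    """Learn a (mean, spread) pair per feature from the account's sent mail."""
    rows = [style_features(m) for m in sent_mail]
    profile = {}
    for name in rows[0]:
        values = [r[name] for r in rows]
        mean = statistics.fmean(values)
        # Assumed floor: a handful of samples underestimates the real spread.
        spread = max(statistics.stdev(values), min_rel_spread * abs(mean), 1e-9)
        profile[name] = (mean, spread)
    return profile

def deviations(profile: dict, text: str, threshold: float = 3.0) -> dict:
    """Return the features whose z-score against the profile exceeds threshold."""
    feats = style_features(text)
    z = {n: (feats[n] - mean) / spread for n, (mean, spread) in profile.items()}
    return {n: round(v, 2) for n, v in z.items() if abs(v) > threshold}

if __name__ == "__main__":
    profile = build_profile(SENT_MAIL)
    for label, mail in (("usual", USUAL), ("unusual", UNUSUAL)):
        flagged = deviations(profile, mail)
        print(label, "-> warn recipient" if flagged else "-> deliver", flagged)
```

A non-empty result corresponds to the case where the warning email is sent; the sender address plays no part in the decision, which is the gap in sender-based checks that the article describes.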
Office 365 support comes first; in addition, support in "Interscan for Microsoft Exchange", the product for Microsoft Exchange Server, is scheduled for February 18, and Gmail support is scheduled for the second quarter of 2019. There is no charge.
Finally, Mr. Miyazaki said, "For technical measures, it is important to make use of the strengths of each technology and make up for their weaknesses. Against clever spoofing in which there is nothing suspicious in the sender information, a countermeasure that analyzes the writing habits of emails is effective."