Threat actors are constantly evolving their attack techniques to bypass machine learning security controls, and recent research from SlashNext has uncovered a new dangerous cyberattack method in the wild. This new type of attack utilizes cloaked emails to deceive machine learning tools into accepting malicious payloads, which then infiltrate enterprise networks for credential theft and data harvesting.
Dubbed Conversation Overflow attacks by the SlashNext research team, this tactic involves sending emails with two distinct parts – one designed for the recipient to see and another hidden section filled with benign text intended to trick machine learning algorithms. By including this hidden text that mimics legitimate communication, threat actors are able to bypass AI and ML security platforms that focus on deviations from known good behavior.
Once the security protections are circumvented, attackers can deliver credential theft messages disguised as legitimate requests for reauthentication, particularly targeting top executives. This stolen private data can be sold on dark web forums for profit. The attackers are manipulating sophisticated AI and ML engines with this technique, indicating a shift in cybercriminal tactics in the age of AI security.
It is crucial for organizations to be aware of these evolving threats and to continually update their security measures to combat such attacks effectively. The SlashNext research team will continue to monitor for Conversation Overflow attacks and the emergence of new toolkits utilizing this method on the Dark Web. With cyber crooks constantly refining their tactics, staying vigilant and proactive in cybersecurity efforts is paramount in safeguarding sensitive information and data.
