
Who’s More Sophisticated — Hackers Or Your Security?

Keeping ahead in an ongoing back-and-forth battle

Gil Friedrich

New York City, N.Y. – Jun. 25, 2021

We see, in real-time, how hackers respond to new protections put out by Microsoft, Google, and Secure Email Gateways. We have a fascinating perch from which to watch this cat-and-mouse game, how hackers respond to new security protections, how security systems respond in kind, and on and on it goes.

Hackers are incredibly quick to exploit weaknesses in the systems they target. In a recent attack we uncovered, which took advantage of a weakness in Google Docs to easily create and send out phishing websites, we noticed how the hackers tried to bypass static link scanners. Their method is to host the attack on well-known public services, so that the link a scanner inspects points at a domain with a good reputation. Google Docs is a big one, of course, and we’ve seen similar tactics leveraging services like MailGun and FlipSnack.

We’ve seen how attackers use automated methods to generate email addresses that end in the onmicrosoft.com domain. This is a clever way to try and bypass any email filter that has allow-listed onmicrosoft.com as a whole, since any tenant can create addresses under that domain.

We’ve watched hackers send emails to group email accounts — think sales@company.com — so that they can ensure the phishing message reaches as many recipients as possible. We’ve noticed how hackers have resorted to using obscure file types, like a .dat file, to hide malicious content. Swapping in synonyms for the keywords that scanners look for has become a popular way to get past them; so have obfuscation methods like rebuilding content with the JavaScript unescape function or hiding characters in zero-size font (“Zero Font”).

The list of creative — and often successful — methods to bypass traditional scanners is long and fairly impressive. It shows the lengths that threat actors are willing to go to in order to ensure delivery into the inbox, to ensure someone clicks on a phishing link or downloads a malicious file.

It also shows, quite clearly, that the old ways of doing things aren’t working. An ongoing back-and-forth battle, in which a patch works for a moment, is figured out by hackers, and then has to be replaced by another one, is not what constitutes a security solution.

What, then, should an ideal security solution possess to guard against this ever-increasing cyber arms race?

First, we’ve seen time and time again that rules- and signature-based solutions are simply not equipped to effectively prevent these advanced threats. According to our research, 51 percent of today’s phishing threats require advanced artificial intelligence and machine learning to identify and stop.

To do so, you need a solution that understands the social graph, the people being emailed, and the internal context of an organization. An organization needs a solution that can use AI to see and understand phishing language in an email’s subject and body. An organization needs a solution that detects encoded content, such as scripts that encode or decode Base64. A solution needs to be able to suss out low sender reputation or follow links with suspicious patterns. It should have engines for Natural Language Processing, Anomaly Detection, and inspection of internal email.
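As an added example (not code from this article or from Avanan), here is a small Python scanner that applies defender-side heuristics for the evasion tricks listed earlier and the encoded-content and sender-trust checks just described: text hidden in zero-size font, the JavaScript unescape function, base64 blobs that decode to script content, messages addressed to group mailboxes, and senders trusted only because a shared-tenant domain such as onmicrosoft.com sits on the allow-list. The allow-list, the role-mailbox list, the regular expressions and both sample message bodies are constructed assumptions for the example; a production gateway keeps far richer models than these regexes.

```python
"""Heuristic checks for the inbox-evasion tricks named in the article.

Constructed, illustrative scanner: not Avanan's engines and not code from
the original post. Allow-list, role-mailbox list, regexes and sample
messages are all assumptions made for this example.
"""
import base64
import re

# Assumed allow-list an organisation might keep. "onmicrosoft.com" is a
# shared-tenant domain: any Microsoft 365 tenant can mint addresses under
# <tenant>.onmicrosoft.com, so a suffix match on it trusts everyone.
ALLOW_LIST = {"onmicrosoft.com", "partner.example"}
SHARED_TENANT_DOMAINS = {"onmicrosoft.com"}
# Constructed list of group/role mailboxes that fan out to many readers.
ROLE_MAILBOXES = {"sales", "info", "support", "hr"}

# Text rendered at zero size, via CSS or the legacy <font size="0"> tag.
ZERO_FONT_RE = re.compile(r"font-size\s*:\s*0(?:\.0+)?\s*(?:px|pt|em|%)?\s*[;\"']", re.I)
FONT_TAG_RE = re.compile(r"<font[^>]*\bsize\s*=\s*[\"']?0\b", re.I)
# JavaScript unescape() used to rebuild markup at render time.
UNESCAPE_RE = re.compile(r"\bunescape\s*\(", re.I)
# Long base64-looking runs; flagged only if they decode to script-like
# content, so ordinary hashes and tracking tokens do not raise alerts.
BASE64_RUN_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")
SUSPECT_DECODED_RE = re.compile(r"<script|eval\s*\(|document\.write|atob\s*\(", re.I)


def sender_domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower()


def matches_entry(domain: str, entry: str) -> bool:
    """Suffix match, as many gateway allow-lists do: sub.example matches example."""
    return domain == entry or domain.endswith("." + entry)


def allow_listed_via_shared_domain(sender: str) -> bool:
    """True when the sender is trusted only because of a shared-tenant allow-list entry."""
    domain = sender_domain(sender)
    return any(matches_entry(domain, e) for e in ALLOW_LIST if e in SHARED_TENANT_DOMAINS)


def decodes_to_script(blob: str) -> bool:
    """Re-pad a base64 run, decode it, and look for script-like content."""
    raw = blob.rstrip("=")
    raw += "=" * (-len(raw) % 4)
    try:
        decoded = base64.b64decode(raw, validate=True).decode("utf-8", "ignore")
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(SUSPECT_DECODED_RE.search(decoded))


def scan_message(sender: str, recipients: list[str], html: str) -> list[str]:
    """Return a short tag for each evasion heuristic the message trips."""
    findings = []
    if allow_listed_via_shared_domain(sender):
        findings.append("shared-tenant-allowlist")
    if any(r.split("@", 1)[0].lower() in ROLE_MAILBOXES for r in recipients):
        findings.append("role-mailbox-recipient")
    if ZERO_FONT_RE.search(html) or FONT_TAG_RE.search(html):
        findings.append("zero-font-text")
    if UNESCAPE_RE.search(html):
        findings.append("unescape-obfuscation")
    if any(decodes_to_script(b) for b in BASE64_RUN_RE.findall(html)):
        findings.append("base64-script")
    return findings


# Constructed sample bodies. The payload is base64 of a harmless script tag
# so the decoder path is exercised; it is not taken from any real message.
PAYLOAD_B64 = base64.b64encode(b"<script>document.write('decoded at render time')</script>").decode()
SUSPICIOUS_HTML = (
    "<p>Please review the attached invoice.</p>"
    '<span style="font-size:0px;">filler words inserted to dilute keyword matches</span>'
    f'<script>document.write(unescape("%3Cb%3E")); var p = "{PAYLOAD_B64}";</script>'
)
BENIGN_HTML = '<p style="font-size:12px">Quarterly report attached, see you Monday.</p>'

if __name__ == "__main__":
    print(scan_message("billing@contoso-tenant.onmicrosoft.com", ["sales@company.example"], SUSPICIOUS_HTML))
    print(scan_message("alice@partner.example", ["bob@company.example"], BENIGN_HTML))
```

Each heuristic on its own is noisy (zero-size text appears in some legitimate templates, and long base64 runs are common in tracking pixels), which is why the base64 check decodes before it alerts and why the tags are meant to feed a scoring layer alongside sender reputation and the social-graph context the paragraph above describes, rather than to block on a single hit.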

In short, what’s needed is artificial intelligence and machine learning that learns from relationships between employees, historical emails, and communication patterns to build a custom threat profile that blocks specific attacks aimed at an organization.

As hackers increase the sophistication of their campaigns, security has to become more sophisticated with it. It’s no longer enough to play a cat-and-mouse game with hackers. It’s significantly better to stop them in their tracks.


Gil Friedrich is co-founder and CEO at Avanan.


About Avanan

Avanan is a cloud email security platform that pioneered and patented a new approach to prevent sophisticated attacks. We use APIs to scan for phishing, malware, and data leakage in the line of communications traffic. This means we catch threats missed by Microsoft while adding a transparent layer of security for the entire suite and other collaboration tools like Slack.

Avanan catches the advanced attacks that evade default and advanced security tools. Its invisible, multi-layer security enables full-suite protection for cloud collaboration solutions such as Office 365™, G-Suite™, and Slack™. The platform deploys in one click via API to prevent Business Email Compromise and block phishing, malware, data leakage, account takeover, and shadow IT across the enterprise. Avanan replaces the need for multiple tools to secure the entire cloud collaboration suite, with a patented solution that goes far beyond any other Cloud Email Security Supplement.