URL:
https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security
Submission: On March 19 via api from TR — Scanned from DE
'CONVERSATION OVERFLOW' CYBERATTACKS BYPASS AI SECURITY TO TARGET EXECS

Credential-stealing emails are getting past artificial intelligence's "known good" email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks.

Nathan Eddy, Contributing Writer
March 19, 2024

A novel cyberattack method dubbed "Conversation Overflow" has surfaced, attempting to get credential-harvesting phishing emails past artificial intelligence (AI)- and machine learning (ML)-enabled security platforms.

The emails can escape AI/ML algorithms' threat detection through use of hidden text designed to mimic legitimate communication, according to SlashNext threat researchers, who released an analysis on the tactic today. They noted that it's being used in a spate of attacks in what appears to be a test-driving exercise on the part of the bad actors, to probe for ways to get around advanced cyber defenses.

As opposed to traditional security controls, which rely on detecting "known bad" signatures, AI/ML algorithms rely on identifying deviations from "known good" communication.

So, the attack works like this: cybercriminals craft emails with two distinct parts: a visible section prompting the recipient to click a link or send information, and a concealed portion containing benign text intended to deceive AI/ML algorithms by mimicking "known good" communication.

The goal is to convince the controls that the message is a normal exchange, with attackers betting humans won't scroll down four blank pages to the bottom to see the unrelated fake conversation meant for AI/ML's eyes only.

In this way, the assailants can trick systems into categorizing the entire email and any subsequent replies as safe, thus allowing the attack to reach users' inboxes. Once these attacks bypass security measures, cybercriminals can then use the same email conversation to deliver authentic-looking messages requesting that executives reauthenticate passwords and logins, facilitating credential theft.

EXPLOITING "KNOWN GOOD" ANOMALY DETECTION IN MLS

Stephen Kowski, field CTO for SlashNext, says the emergence of "Conversation Overflow" attacks underscores cybercriminals' adaptability in circumventing advanced security measures, particularly in the era of AI security.

"I've seen this attack style only once before in early 2023, but I'm now seeing it more often and in different environments," he explains. "When I find these, they are targeting upper management and executives."

He points out that phishing is a business, so attackers want to be efficient with their own time and resources, targeting accounts with the most access or most implied authority possible.

Kowski says this attack vector should be seen as more dangerous than the average phishing attempt because it exploits weak points in new, highly effective technologies that companies might not be aware of. That leaves a gap that cybercriminals can rush to take advantage of before IT departments cop on.

"In effect, these attackers are doing their own penetration tests on organizations all the time for their own purposes to see what will and won't work reliably," he says. "Look at the massive spike in QR code phishing six months ago — they found a weak point in many tools and tried to exploit it fast everywhere."

And indeed, use of QR codes to deliver malicious payloads jumped in Q4 2023, especially against executives, who saw 42 times more QR code phishing than the average employee.

The emergence of such tactics suggests constant vigilance is needed — and Kowski points out no technology is perfect, and there is no finish line.

"When this threat is well understood and mitigated all the time, malicious actors will focus on a different method," he says.

USING AI TO FIGHT AI THREATS

Kowski advises security teams to respond by actively running their own evaluations and testing with tools to find "unknown unknowns" in their environments.

"They can't assume their vendor or tool of choice, while effective at the time they acquired it, will remain effective in time," he cautions. "We expect attackers to continue to be attackers, to innovate, pivot, and shift their tactics."

He adds that attack techniques are likely to become more creative, and as email becomes more secure, attackers are already shifting their attacks to new environments, including SMS or Teams chat.

Kowski says investment in cybersecurity solutions leveraging ML and AI will be required to combat AI-powered threats, explaining the volume of attacks is too high and ever-increasing.

"The economies of the security world necessarily requires investment into platforms that allow relatively expensive [human] resources to do more with less," he says. "We rarely hear from security teams that they are getting a bunch of new people to address these growing concerns."

ABOUT THE AUTHOR(S)

Nathan Eddy, Contributing Writer

Nathan Eddy is a freelance journalist and award-winning documentary filmmaker specializing in IT security, autonomous vehicle technology, customer experience technology, and architecture and urban planning. A graduate of Northwestern University's Medill School of Journalism, Nathan currently lives in Berlin, Germany.