Now, Gmail is using deep learning to block malicious attachments
What's the story
Google has long been warning about the dangers of malicious email attachments - a common attack vector used by hackers looking to steal your personal/financial information.
The technique is one of the oldest in the book but has also been evolving rapidly.
This is why the internet giant is now using a deep learning-based solution to detect/block tainted attachments preemptively.
Here's everything you need to know.
Risk
Benign-looking documents being used to target users
In addition to seemingly legitimate phishing emails, attackers also use benign-looking attachments to download malware onto your PC and then steal its data.
The attachment could be any file, but according to Google's anti-abuse research leader Elie Bursztein, around 56% of threats come in the form of something we already know: Microsoft Office documents.
Meanwhile, just 2% of the threats come as infected PDFs.
Information
Malicious documents are rigged with macros
According to Google, the malicious Office documents in question are often rigged with unique macros, that is, series of automated commands. When you open such a document, the commands execute and the malware chosen by the attacker is downloaded automatically.
Targets
Several industries targeted with rigged documents
Owing to the scale at which Office apps are used, rigged documents have led to several attacks in recent weeks, especially on government organizations and companies in transportation, utilities, and manufacturing industries.
What's even more worrying is the fact that 63% of the malicious documents flagged were different from those detected in the past; this means that the attackers are frequently evolving their techniques.
Solution
Dedicated deep learning-based document monitoring
To cope with these rapid changes and effectively recognize patterns capable of identifying malicious documents, Google has upgraded its malware detection suite for Gmail with a dedicated deep learning-based 'document monitor'.
The tool works in addition to existing anti-malware, anti-spam, and anti-phishing efforts to detect new and old infected documents and prevent them from landing in a user's inbox in the first place.
Working
So far, it has been effective
The document monitor debuted at the end of last year, and has proven effective in flagging dangerous documents, per Google.
Specifically, the company claims, its deployment has increased the daily detection of malicious documents by 10%.
This might seem small, but it is actually a lot, given that the tool is fairly new and is up against the 300 billion attachments Google processes every week.
Working
Scanner looks for red flags in documents shared
In order to decide if a file is malicious, Google's AI scanner looks for potential red flags in documents being shared.
This includes looking into macros as well as purposefully hidden file components and small, albeit suspicious, changes in lines of code.
Notably, Google also says that the tool has increased the detection of "adversarial, bursty attacks" by a significant 150%.
Quote
Here's what Bursztein said about the scanner's work
"Ten percent matters," Bursztein told WIRED, adding that they are looking to boost the tool's capabilities. "We want to keep adding machine learning everywhere we can, where it makes sense. We try to use it as an extra layer rather than the only layer."