Hackread reports that thread hijacking against a major company in early August had been averted in real time by Darktrace's artificial intelligence technology.
Such an intrusion involved threat actors compromising a software-as-a-service user's email account to determine potentially exploitable conversations where they could deliver an email purporting to be a reply to a message about tax and payment details before establishing a new mailbox rule that would forward messages to an archive folder to conceal malicious activity. "This evasion technique is typically used to move any malicious emails or responses to a rarely opened folder, ensuring that the genuine account holder does not see replies to phishing emails or other malicious messages sent by attackers," said Darktrace, which was able to prevent attack escalation by deactivating the impacted user while providing a threat notification to the firm's SOC team and the customer to advance investigations into the incident.
