Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/31/2017
03:15 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

Google Arms Gmail Security with Machine Learning

Google rolls out four security updates to protect enterprise Gmail accounts from phishing, data loss, and other threats.

Google is adding four new security measures to protect Gmail business users from spam, phishing, data loss, ransomware, and other workplace security threats.

"Email attacks are constantly evolving, and the email attack vector is by far the preferred way for attackers to gain access to enterprise data," says Gmail product manager Sri Somanchi. "We see all kinds of attacks, including phishing, malware, and ransomware attacks."

Machine learning is a common theme in today's updates. Google reports about 50-70% of the messages Gmail receives are spam, and machine learning helps block it with over 99.9% accuracy. It's aiming to weed out spam with early phishing detection, Google's machine learning model used to selectively delay messages for phishing analysis.

The system learns by comparing genuine messages with a similar pool of fake emails, Somanchi explains. It tracks attributes of each message to find details that differentiate suspicious from legitimate mails, and uses those indicators to perform future phishing checks.

Gmail's phishing detection models integrate with Google Safe Browsing, a machine learning model for detecting phishy URLs. The two models combine techniques, like URL reputation and similarity analysis, to enable URL click-time warnings for malware links. The machine learning systems adapt as they find new patterns with the idea of improving accuracy.

Unintended external reply warnings are intended to help users think twice before sending sensitive data to third parties. If someone tries to respond to someone outside the company domain, they see a warning to verify whether they intended to send that email.

"Using forged emails to target enterprise users to reply with sensitive data has become an increasingly common phishing scam," Somanchi says.

Contextual intelligence determines whether the recipient is an existing or regular contact, so warnings are not displayed unnecessarily. Given the potentially severe consequences of phishing attacks, he continues, the warnings are set by default and can only be disabled by an administrator.

Google notes that it has also implemented defenses against ransomware and polymorphic malware.

"We correlate spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants," Somanchi explains. "These protections enable Gmail to better protect our users from zero-day threats, ransomware and polymorphic malware."

All of these features will be available to enterprise users over the next one- to three days. All are also available to consumers, with the exception of unintended external reply warnings.

Today's rollout arrives nearly one month after a Google Doc phishing attack scammed more than one million users. Victims were tricked into clicking a link that enabled access to their Google Drive through OAuth authentication connections, giving the attacker permission to act on behalf of their account.

It also follows Google's February publication of data highlighting security threats putting organizations at risk. Research found attackers send 4.3 times more malware, 6.2 times more phishing emails, and 0.4 times as much spam, to corporate inboxes than to personal email addresses.

Related Content:

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
BPID Security
50%
50%
BPID Security,
User Rank: Strategist
6/1/2017 | 12:38:34 PM
Privacy v. some benefit?
It seems that Google is reading my mail and this is supposed to be a good thing?

If the government read your mail to keep you from getting "junk mail" you would be up in arms. but because it is Google and people do not take the time to learn their tech then it's OK for them to filter based on content.

The fact that Gmail publically states they read your mail, regardless of the benefit (protecting people from their own stupidity) in not a reason to rejoice.

Here is a heuristic tip you can include in your own filtering: "read the fine print". you'll make better decisions than a computer.

 
JulietteRizkallah
50%
50%
JulietteRizkallah,
User Rank: Ninja
6/6/2017 | 4:04:48 PM
New attack vector is unstructured data
This is welcome news from Google as we will see an increasing amount of breaches through emails which carry many sensitive unstructured data ( think board presentations attached to a gmail account of a Board member).
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...