A
This is Catalin Cimpanu and this is a Risky Business sponsor interview with Bobby Filar, head of machine learning at Sublime Security. Welcome, Bobby.
B
Hey, thanks for having me, Bobby.
A
Let's start first with the basics. Sublime Security is an email security company whose products revolve around the novel concept of a scripting and detection engine that sits right in your inbox rather than sitting on a wire or on an email gateway. Emails come in, Sublime scans them and then warns customers of various threats based on some pre-built detection rules. It obviously gives companies much deeper access in securing email systems than your classic email software because of this interaction component, because of the scripting engine, and because it also sits in your inbox, closer to the user.
B
Yeah.
A
Now in this interview, Bobby, you're going to talk about a new feature that Sublime is working on right now. It's a feature for detecting email bombs or spam bombs. Now let me explain this first. So an email spam bomb, since I kind of was on the end of two of these in the past, is when you have a threat actor who uses some sort of script and subscribes your email to a bunch of newsletters and then you start receiving spam, non-stop, for days, months, weeks, years until you unsubscribe from all of those. But there's another type of email spam bomb which has caught on with some threat actors. I think at the end of last year I know of reports of the Black Basta ransomware using it, and I think as recently the 3AM ransomware gang are using it also, where they select an employee inside a company and then they send that employee loads of emails, usually with a secure team, like someone's trying to compromise your account. They flood him with emails and then they call him, pretending to be a support desk, employing hey look, we are a secure account. Please run this tool on your system and you basically compromise yourself. They have an initial access in your company. So that too is also classified as an email spam bomb, even if it's a little different. It's more like a social engineering version of the older classic spam bomb. So Bobby, tell me, how exactly does this new feature work with Sublime?
B
I think you've touched upon a couple of things that are pretty interesting. And yeah, the impetus behind building this feature is exactly what you said, right? You log in first thing in the morning one day and you're dreading seeing two or three emails in your inbox and there are suddenly thousands, and that constant rising number of your inbox unread count going up, and you know, it's enough to soften the target enough where they're more ripe for a social engineering attack. So we've seen situations where, as you said, an operator or attacker makes a phone call to the person who's under duress and attempts to coerce them to give them remote access. We've also seen Teams invites leveraged, where you contact them through a non-email communication vector like Microsoft Teams. You initiate a phone call, you think you're talking to IT, and really the attack kind of starts there. For Sublime and I think a lot of email security products, this is an interesting use case because it's not necessarily malicious or phishing emails hitting your inbox, right? They're all inherently benign, grayish, maybe a little spammy. But most of these tools, Sublime included, are looking at messages one at a time for the most part, and attempting to pick up on anomalous or malicious indicators. And so when we started hearing from potential customers about email bombs kind of hitting their environment, we started thinking about, well, how can we solve this in a way that still provides kind of the core Sublime experience, that sort of granular control that you mentioned in the opening. And what we did is we sat down with our detection team, our ML team, and our engineering team and said, all right, what sort of tools do we have at our disposal to tackle this? And engineering came back and said, we have a lot of historical data for a given organization down to the individual mailbox level. What can we do with that?
One of our ML researchers, Anna Bertiger, was like, well, you know, what we should be doing is not just identifying the spike of messages, right? We need to identify what is normal for a user. So in the world of machine learning, and particularly in security, and Catalin, you've been doing this for a long time, for the most part, machine learning models come out and they're a global representation of good and bad, anomalous and normal. And so what we decided to do is kind of flip that problem on its head and really tackle it at the individual level and build individual models kind of on the fly. So we go back 30 days to establish, all right, what is normal from a volume, velocity and diversity of messages hitting inbox A, knowing that inbox B and C are going to be a little bit different. And by using this with some statistical anomaly detection methods, we were able to more confidently deliver a verdict of, hey, we believe an email bomb is occurring, identifying that initial spike. At that point, we can kind of follow the bomb over the period of minutes or whatever temporal cadence you're kind of interested in. And we can start to identify when the email bomb starts to taper off. And for a lot of these, as you mentioned, email bombs could take months to do the full unsubscribe. You know, what we're interested in is identifying that initial spike and sustained period of messaging so we can pull those messages kind of out of the inbox and analyze them. And the analysis part, I think, is where Sublime really shines. It kind of gives you that ability to handle the messages in your own way, in a way that makes sense for your organization. So what do we mean by that? It's more about if the messages are graymail or newsletters, as you mentioned being hit by.
We have machine learning models to identify topics or mass mailing infrastructure to determine whether or not these are things that you've signed up for in the past, if they have previously been observed in your environment, and know whether or not to allow those back into your inbox. Maybe they are something important that you signed up for or need, or fully remove them. Quarantine, delete, move to spam, what have you. And that's really the core kind of email bomb capability that we are delivering here: identification of the spike, moving it aside, alerting the security organization. The security organization at that point can allow our platform to help remediate while they contact the end user and let them know that, hey, a bomb was detected. Please be aware that you may be contacted by parties outside of this organization. Don't accept any random Teams invites, anything like that. And that's how we can kind of detect and stop these threats in real time.
A
So that's the AI part of the feature. Because I was wondering what the head of machine learning was doing presenting this feature. Yeah, because I think I remember there were a few Chrome extensions that would detect the same thing, but they didn't use AI. And I see that. Why would you use AI? Because you have a topic-based analysis of the content. Because you can't just grab all recent emails and move them to spam. You need a topic analysis of the content. Like if you work in a tech support company and you start receiving lots of emails about plush toys, it's obvious you're being spam bombed. But you still want to allow those regular emails that were coming in to continue coming in. Right, because AI would detect known email addresses and let them through.
B
Right, exactly. So there's kind of the language modeling piece, which we touched on: topic modeling, detecting threats or urgency, things like that. But then there's the behavioral machine learning piece. So trying to identify through sender graphs within the mailbox and the greater organization whether or not messages found within the email bomb spike, that sort of window, belong back in the inbox because they're normal messages or not. And I think that part is really interesting and helps security organizations kind of remediate these potential threats as quickly as possible, leveraging sort of technology that makes sense, being able to tag and categorize messages. So you can say messages like X go into spam quarantine, messages like Y we can slowly reintroduce back into the inbox.
A
Perfect. Because I was thinking those old Chrome extensions that did this were more like an axe. We just cut everything, also destroying your inbox just as the email spam bomb does. Now I was wondering about the second part, what I described earlier in the interview. You told me this feature is currently in beta. You're testing with a few closed customers. Have any of those customers received an email spam bomb that was designed for initial access? Like those specific cases where they bombard just one employee and then social engineer him?
B
It has encountered a few different spam bombs. We have not observed, in our interactions with design partners and beta users, a situation where an attacker is trying to take the conversation to a different communication vector and try to gain initial access that way. One of the more interesting use cases we've seen is we have a customer that's one of the biggest news organizations in the world, and you could imagine they put out a piece of content that is partisan, makes one side very, very upset, which leads to a rash of bot-generated hate mail, basically. And kind of interspersed in that is a lot of messages threatening violence, talking about where the people live. Like you could imagine, it's highly threatening. It would be very, very disturbing to receive as an end user in your inbox. So we didn't necessarily think about that right off the bat as we were building this feature out. Right. This is a situation where the Sublime kind of control narrative comes into play. This design partner got a hold of it, they started building their own sort of automations. So email bomb detected in automation allows you to execute arbitrary or custom MQL, the query or scripting language you mentioned at the start. And what they did is they leveraged several ML tools kind of in parallel to say, hey, if this comes in, it's a spam bomb or mail bomb and there's highly threatening language. We want to pull that information out, we want to help categorize it, to potentially prepare it for any sort of additional investigation that may be required. And I think stories like that are going to become more and more prevalent. Right. Like, it's not necessarily just the ransomware aspect or gaining initial access. It could be just a traditional denial of service to your inbox. I think. Was it Brian Krebs who was hit one day with half a million messages, all in a few hours? And it sounds like, yeah, you've run into a couple of these.
So it's really about mitigating these various sub-categories of email bombs and being able to handle it in a way that makes sense to your organization.
A
What other ways are customers using this? Let's say, could you use the basic principles behind this new feature to configure it to detect misconfigured backends? Like, let's say you have a JIRA instance that just starts spamming out emails.
B
That's interesting. Yeah. I'm curious whether or not you could go that route. Particularly, our purview at this point is at the individual mailbox level. The JIRA instance, it would depend, I personally believe, on whether or not it looks internally facing versus like an external sender inbound, versus kind of external communication, and then how pervasive that message or those messages are across your organization. So the ML team and detection team are actively working on, okay, we're able to detect these email bombs that hit in a mailbox or a few mailboxes. What does it look like when it starts to hit an entire organization? Does that process change? Does the math behind some of these anomaly detection models need to be altered in order to best capture these sort of more nuanced scenarios?
A
So what is usually the threshold that triggers this initial detection? Like, is it like 100 emails, or are we talking the thousands?
B
Yeah, so it does ultimately vary on a user to user basis. And that's really the beauty of the temporal look-back. So we do, I think I said at the beginning, like we look back around 30 days to try to build this sort of baseline model of what is normal for a given user. And that's time of day, day of week, trying to take into account kind of additional bits of data, holidays and things like that. That's what we're trying to leverage. And then from a thresholding standpoint, it's not necessarily an integer. Right. Like it's not two times the standard deviation of normal or what other traditional event detection algorithms are out there. This tries to take a more probabilistic approach and say, okay, I am seeing X amount of messages within this small time window, say, five minutes. What is the likelihood that I was expecting to see this at this time? And we can kind of leverage those as high, medium, low kind of confidence levels, less around an individual number, though, something like that. So we're working on a couple of different UX workflows to allow the incorporation of, like, how aggressive do you want to be in detecting? Do you want to be more conservative and take steps like that to again provide a little more control?
A
So when this feature rolls out, would the companies have the ability to adjust those thresholds or would the LLM system automatically learn by itself what that threshold needs to be?
B
So I think to answer your question, day one, the core anomaly detection algorithm will learn those thresholds, right? So the goal is to do the learning kind of on prem as much as possible. We don't want to try to draw your data out of your environment to try to learn these things. That's a very messy operation in my opinion. It's better to just leverage the data where it's currently stored and try to build those sort of baseline models. What I would think would make the most sense from a UX standpoint for our customers longer term is this ability to determine how aggressive you want to be in detecting these spikes. Some organizations really want that ability to identify the moment a spike hits, and that confidence level can be, you can be much more aggressive and really lower the amount of time you are looking at for said spike, versus conservative. Maybe you balloon that time window out a little bit more just to only fire when you are 100% confident that something truly anomalous is occurring.
A
So basically, if you're afraid of newsletter spam bombs, leave it as it is. But if you're afraid of Scattered Spider and ransomware gangs, fine-tune the margins.
B
Exactly, exactly. So this should be a tool that really...
A
There's a bit for everyone.
B
Yeah, exactly. And depending on your level of, I think, sophistication of your security team and things like that, it could all play into the level of aggression versus conservativeness you want to take in alerting on these sorts of spikes.
A
Yeah, I dig it. I like it.
B
Yeah, it's a really interesting, like you said, it's a problem that's been around more in an annoying way for a decent amount of time and we're starting to see it weaponized more, which, I mean, it should be obvious at this point that there's going to be new ways to do this. And this particular problem to me is interesting because by and large you're not detecting bad email. You're just trying to detect a lot of email that is anomalous for a given moment in time. Much trickier problem, a really interesting mathematical problem. As I said, the folks on the ML side really enjoyed kind of nerding out on this problem with our detection team and engineering team. And we're excited to see it in use already with some of these customers, leveraging the MQL detection writing piece to come up with their own actions, automated and analytical actions to take once a bomb is detected.
A
Besides this feature you're working on right now, since you are the head of LLMs at Sublime and I've got you here, what else are you cooking up for us?
B
I think the thing we're most excited about right now from an LLM standpoint in particular is the kind of the analyst or human augmentation piece. I was at RSA last year and had a bunch of conversations with organizations around abuse mailboxes, and it was really interesting, and they were like, you know, we've over-trained our users to report phish. Now everybody, the minute they suspect anything that's even close to being suspicious, they send it to us. And our abuse mailbox is just blowing up in size. We're taking all of our security personnel and dedicating them to reducing the load there, because if the message is not a phish, it needs to go back in the inbox and in theory be responded to or whatever. So my team sat down and we started thinking about, well, you know, this feels like something an LLM would actually be good at, like being this sort of security analyst that you can rely on to chip away at your abuse mailbox over time and apply the same sort of analytical rigor repeatedly. It doesn't get tired, it doesn't bring a lot of bias as far as, like, you know, analyst A and analyst B have different definitions of what spam or graymail or benign and graymail are. And so it can adhere to a strict set of guidelines or rules. So this RSA, we actually just rolled out ASA, which is Autonomous Security Analyst, which is our first kind of entry point into agentic AI. So this LLM or this agent is able to kind of sit in your abuse mailbox. It reviews messages, it produces reports. You can just set ASA to automate triage or response actions, or you can go in, and it provides, as I said, the report has evidence around what it found and why it's important or why it needs a call-out, to try to garner more trust in kind of its prediction or verdict process. And it's been really fascinating. The feedback again on that has been pretty wild to see. Folks are using it daily.
They've been able to move security analysts off of abuse mailbox duty into things that are maybe a little bit more important or critical to the organization, free up time to do deeper investigations and analysis. And it's been a wild ride for sure. And we're going to keep kind of pushing the envelope there and move more and more kind of into that space and try to deliver value to the various roles within a security organization.
A
I think SOC teams are the most spoiled people in infosec right now. All the AI tools are being made just for them.
B
They get so many cool tools.
A
Yeah, they get all the cool AI tools.
B
Yeah, it is, it's, you know, I really like. We heard an anecdotal story yesterday, I feel like, from a customer, and they're using ASA to kind of up-level their junior analysts, sitting them down with ASA side by side to educate them on how to craft reports, what to look for in an email, how that can correlate to the Sublime query language to build more robust detections. Just really fascinating how folks can get a tool, as you said, and then start to uncover new or unique use cases that fit their need. Really, really cool to see.
A
Okay, Bobby, I think that's the perfect way to end it, and I think we have some new topics to talk about next time.
B
Yeah, no, I would love to come back and nerd out some more, and it's been excellent to catch up.
Risky Bulletin Podcast Summary
Episode: Sponsored: Sublime Security on the Spam/Email Bomb Problem
Host: Catalin Cimpanu
Guest: Bobby Filar, Head of Machine Learning at Sublime Security
Release Date: May 25, 2025
In this episode of Risky Bulletin, host Catalin Cimpanu talks with Bobby Filar, the Head of Machine Learning at Sublime Security. The conversation covers the evolving challenges of email security, specifically the emerging threat of email spam bombs and how Sublime Security is building a feature to detect and mitigate them.
Catalin Cimpanu opens by outlining Sublime Security's approach to email security. Unlike traditional solutions that operate on email gateways or network wires, Sublime Security integrates directly within the user's inbox. This positioning allows for more granular control and real-time interaction with incoming emails.
Key Points:
Notable Quote:
"Emails come in, Sublime scans them and then warns customers of various threats based on some pre-built detection rules."
— Catalin Cimpanu [00:15]
The discussion transitions to the core topic: email spam bombs. Catalin Cimpanu explains the concept, highlighting two primary types: the classic newsletter-subscription flood and the targeted flood used to set up a social engineering call.
Key Points:
Notable Quote:
"Email spam bomb, since I kind of was on the end of two of these in the past, is when you have a threat actor who uses some sort of script and subscribes your email to a bunch of newsletters..."
— Catalin Cimpanu [00:55]
Bobby Filar introduces Sublime Security's latest feature, designed to detect and mitigate email bombs. It uses a per-mailbox baseline built from about 30 days of history to identify abnormal spikes in email volume relative to what is normal for that individual user.
Key Points:
Notable Quote:
"We decided to flip that problem on its head and really tackle it at the individual level and build individual models kind of on the fly."
— Bobby Filar [02:56]
Catalin probes the AI components of the new feature, asking why Sublime chose an AI-driven approach over simpler tools, such as Chrome extensions that move every recent email to spam.
Key Points:
Notable Quote:
"There’s kind of the language modeling piece which we touched on topic modeling, detecting threats or urgency, things like that. But then there’s the behavioral machine learning piece."
— Bobby Filar [08:42]
The feature is currently in beta, with feedback from select design partners highlighting its use in varied scenarios, including high-volume bot-generated hate mail against a news organization; the social-engineering variant has not yet been observed among beta users.
Key Points:
Notable Quote:
"We have a customer that's one of the biggest news organizations in the world... they use the Sublime control narrative to build their own sort of automations."
— Bobby Filar [10:18]
A significant aspect of the feature is its adjustable sensitivity: the detection window can be shortened for aggressive, early alerting or lengthened for conservative alerting, letting organizations balance fast detection against false positives.
Key Points:
Notable Quote:
"We look back around 30 days to try to build this sort of baseline model... it's not necessarily an integer. It’s not two times the standard deviation... something like that."
— Bobby Filar [14:19]
Beyond email bomb detection, Bobby Filar discusses Sublime Security's use of Large Language Models (LLMs) in security operations through their Autonomous Security Analyst (ASA), which triages the abuse mailbox.
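The two passages above (per-user baselines over a 30-day look-back, and a probabilistic rather than integer threshold with high/medium/low confidence and an adjustable window) describe the approach only in outline. The following is an added illustration, not Sublime's code: it builds a per-mailbox Poisson baseline keyed by (weekday, hour) from constructed history, scores each window by the tail probability of the observed count, groups consecutive anomalous windows into an episode (so the spike's start and taper can be followed), and lets the caller widen or narrow the window. The history, the mailbox traffic pattern, the confidence cut-offs and the 0.02 messages/minute floor are all constructed assumptions for the demo.

```python
import math
from datetime import datetime, timedelta

# Baseline is conditioned on (weekday, hour), mirroring the "time of day,
# day of week" context mentioned in the interview.
def bucket(ts):
    return (ts.weekday(), ts.hour)

def build_baseline(minute_counts):
    """minute_counts: iterable of (datetime, int) for ONE mailbox at minute
    resolution. Returns (rate per bucket, overall rate) in messages/minute."""
    sums, n, total, minutes = {}, {}, 0, 0
    for ts, c in minute_counts:
        b = bucket(ts)
        sums[b] = sums.get(b, 0) + c
        n[b] = n.get(b, 0) + 1
        total += c
        minutes += 1
    return {b: sums[b] / n[b] for b in sums}, (total / minutes if minutes else 0.0)

def poisson_tail(k, lam):
    """P(X >= k) for X ~ Poisson(lam): one minus the CDF at k-1."""
    if k <= 0:
        return 1.0
    term = math.exp(-lam)          # P(X = 0)
    cdf = term
    for i in range(1, k):
        term *= lam / i            # P(X = i) from P(X = i-1)
        cdf += term
    return max(0.0, 1.0 - cdf)

# Assumed confidence cut-offs on the tail probability (constructed values).
CONFIDENCE = (("high", 1e-6), ("medium", 1e-3), ("low", 1e-2))
RANK = {"none": 0, "low": 1, "medium": 2, "high": 3}

def score_window(count, start, window_minutes, baseline, floor=0.02):
    rates, overall = baseline
    rate = max(rates.get(bucket(start), overall), floor)   # floor keeps quiet users sane
    lam = rate * window_minutes
    p = poisson_tail(count, lam)
    level = next((name for name, t in CONFIDENCE if p < t), "none")
    return {"start": start, "end": start + timedelta(minutes=window_minutes),
            "expected": lam, "observed": count, "p": p, "confidence": level}

def detect_bombs(live, baseline, window_minutes=5, min_confidence="low"):
    """live: sorted (datetime, int) minute counts for the same mailbox. Rolls
    minutes into fixed windows, scores each, and groups consecutive windows at
    or above min_confidence into episodes so the start and taper are visible."""
    windows = []
    for i in range(0, len(live), window_minutes):
        chunk = live[i:i + window_minutes]
        windows.append(score_window(sum(c for _, c in chunk), chunk[0][0], len(chunk), baseline))
    episodes, cur = [], None
    for w in windows:
        if RANK[w["confidence"]] >= RANK[min_confidence]:
            if cur is None:
                cur = {"start": w["start"], "messages": 0, "peak": "none"}
            cur["messages"] += w["observed"]
            cur["end"] = w["end"]
            if RANK[w["confidence"]] > RANK[cur["peak"]]:
                cur["peak"] = w["confidence"]
        elif cur is not None:
            episodes.append(cur)
            cur = None
    if cur is not None:
        episodes.append(cur)
    return windows, episodes

# ---- constructed sample data (not real traffic) ----------------------------
HISTORY_START = datetime(2025, 4, 26)   # 30 days ending 25 May 2025
LIVE_DAY = datetime(2025, 5, 26, 9, 0)  # the following Monday, 09:00

def synth_history(start=HISTORY_START, days=30):
    """About one message per 10 minutes in weekday business hours, one per
    100 minutes otherwise: a deterministic stand-in for a real mailbox."""
    out = []
    for m in range(days * 1440):
        ts = start + timedelta(minutes=m)
        busy = ts.weekday() < 5 and 9 <= ts.hour < 17
        out.append((ts, 1 if m % (10 if busy else 100) == 0 else 0))
    return out

def synth_live(day=LIVE_DAY):
    """One live hour: normal traffic, a 20-minute bomb at 40/min, a 5-minute
    taper at 5/min, then normal again."""
    live = []
    for m in range(60):
        c = 40 if 10 <= m < 30 else 5 if 30 <= m < 35 else (1 if m % 10 == 0 else 0)
        live.append((day + timedelta(minutes=m), c))
    return live

def run(window_minutes=5):
    return detect_bombs(synth_live(), build_baseline(synth_history()), window_minutes)

if __name__ == "__main__":
    windows, episodes = run()
    for w in windows:
        print(f"{w['start']:%H:%M} expected={w['expected']:.2f} observed={w['observed']:4d} "
              f"p={w['p']:.2e} {w['confidence']}")
    for e in episodes:
        print(f"episode {e['start']:%H:%M}-{e['end']:%H:%M} messages={e['messages']} peak={e['peak']}")
```

With a 5-minute window the episode is reported from 09:10 to 09:35 with 825 messages, while the two normal-looking windows before it stay at "none" because a single message against an expected 0.5 is not surprising. Re-running with a 15-minute window still flags the bomb but dates its start to 09:00, which is the precision cost of the more conservative setting the interview describes.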
Key Points:
Notable Quote:
"ASA, which is our first kind of entry point into agentic AI... it reviews messages, it produces reports... moving security analysts off of abuse mailbox duty into things that are maybe a little bit more important or critical."
— Bobby Filar [19:00]
According to the guest, ASA has let security teams move analysts off abuse-mailbox duty toward deeper investigations, while routine triage is automated.
Key Points:
Notable Quote:
"They’re using ASA to uplevel their junior analysts... It's really fascinating how folks can get a tool and then start to uncover like new or unique use cases that fit their need."
— Bobby Filar [21:51]
The episode concludes with both Catalin Cimpanu and Bobby Filar noting that the email bomb problem, long treated as a nuisance, is now being weaponized, and that the interesting part is detecting anomalous volume rather than malicious content.
Final Quote:
"It's a really interesting mathematical problem... we're excited to see it in use already with some of these customers."
— Bobby Filar [17:53]
Takeaway:
Sublime Security's email bomb feature detects volume spikes against a per-user baseline and lets the security team decide what to do with the messages, via MQL automations, while ASA applies LLM-based triage to the abuse mailbox so analysts can focus on deeper investigation.