Risky Bulletin Podcast Summary
Episode: Sponsored: Sublime Security on Trends and the Rise of SVG Abuse
Host: Catalyn Campano
Guest: Josh Kamjoo, Co-Founder and CEO of Sublime Security
Release Date: March 23, 2025
Introduction
In this sponsored episode of Risky Bulletin, host Catalyn Campano engages in an in-depth conversation with Josh Kamjoo, the co-founder and CEO of Sublime Security. Building upon their previous discussion about attack surface reduction for email, the episode delves into the evolving threats targeting email inboxes, the influence of artificial intelligence (AI) on these threats, and the innovative strategies Sublime Security employs to combat sophisticated email-based attacks.
Evolution of the Email Threat Landscape
Josh Kamjoo begins by highlighting the rapid evolution of the email threat landscape. He emphasizes that email has long been the primary initial access vector for adversaries due to its high return on investment (ROI) for malicious activities.
Josh Kamjoo [00:45]: “Email's always been... the number one initial access vector. It's been such high ROI for adversaries to conduct and achieve objectives.”
Impact of Artificial Intelligence on Email Attacks
Catalyn probes whether the acceleration in email threats is driven by AI or by inherent advancements in attacker capabilities. Josh acknowledges that while the threat landscape has always been dynamic, AI has significantly exacerbated the situation.
Josh Kamjoo [01:13]: “AI has made it worse. We've seen what looks to be almost certainly AI-generated attacks... adversaries use Gemini to conduct their ops.”
He references a report by Google's Threat Intelligence Group, which details how AI tools like Gemini are being leveraged by North Korean APT groups, Russian APT groups, and financial criminals to enhance spear phishing operations through reconnaissance and the generation of highly targeted email attacks.
Sophistication in Attack Techniques
Josh elaborates on the increasing sophistication and variation in email attack methods. Traditional techniques such as living off trusted sites, SVG smuggling, and HTML smuggling are being enhanced with additional evasion tactics, making detection more challenging.
Josh Kamjoo [02:55]: “We're seeing an uptick in SVG smuggling, which presents some interesting detection challenges at the email layer...”
Rise of SVG Smuggling
A significant portion of the discussion centers on SVG smuggling—a novel technique that leverages Scalable Vector Graphics (SVG) files to embed malicious scripts.
Josh Kamjoo [03:31]: “SVG smuggling presents interesting detection challenges... SVGs support JavaScript, iframes, and various HTML attributes like onload and onerror.”
Josh explains how adversaries exploit the legitimate nature of SVGs, which are commonly used for email signatures and logos, to embed malicious code. Sublime Security addresses this by analyzing the behavioral context of SVG files, identifying unusual scripts or iframes that signal malicious intent.
Josh Kamjoo [06:17]: “If you can get down into the SVG contents and scan for script tags or iframes... we can detect these with high confidence.”
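As an added illustration of the check Josh describes (this is not Sublime Security's code), the following Python scanner walks an SVG attachment and reports the indicators named in the episode: script and iframe elements, on* event-handler attributes such as onload and onerror, and javascript: links. The two SVG samples are constructed for the example, and the `init()` handler and `example.invalid` URL are placeholders.

```python
import re
import xml.etree.ElementTree as ET

# Markup that a logo or signature image never needs; each hit is one finding.
ACTIVE_TAGS = {"script", "iframe", "foreignobject"}

def local_name(tag: str) -> str:
    """Strip an XML namespace such as '{http://www.w3.org/2000/svg}' from a tag or attribute."""
    return tag.rsplit("}", 1)[-1].lower()

def scan_svg(svg_bytes: bytes) -> list[str]:
    """Return human-readable findings for active content inside an SVG attachment."""
    findings = []
    try:
        # NOTE: production code should parse untrusted XML with defusedxml.
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        # Malformed XML may still render in a browser, so fall back to a raw text scan.
        text = svg_bytes.decode("utf-8", errors="replace")
        if re.search(r"<\s*(script|iframe)\b", text, re.I):
            findings.append("active markup in unparsable SVG")
        return findings
    for el in root.iter():
        name = local_name(el.tag)
        if name in ACTIVE_TAGS:
            findings.append(f"<{name}> element")
        for attr, value in el.attrib.items():
            aname = local_name(attr)
            if aname.startswith("on"):  # onload, onerror, onclick, ...
                findings.append(f"{aname} handler on <{name}>")
            elif aname == "href" and value.strip().lower().startswith("javascript:"):
                findings.append(f"javascript: href on <{name}>")
    return findings

# Constructed samples: a plain logo and an SVG carrying the markup described above.
BENIGN_LOGO = b"""<svg xmlns="http://www.w3.org/2000/svg" width="64" height="64">
  <circle cx="32" cy="32" r="30" fill="#0a7"/>
  <text x="12" y="40" font-size="24">Co</text>
</svg>"""

SUSPICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>/* placeholder: no real payload here */</script>
  <foreignObject width="1" height="1">
    <iframe xmlns="http://www.w3.org/1999/xhtml" src="https://example.invalid/"/>
  </foreignObject>
</svg>"""
if __name__ == "__main__":
    for label, sample in (("logo", BENIGN_LOGO), ("suspicious", SUSPICIOUS_SVG)):
        print(label, scan_svg(sample) or "clean")
```

The namespace stripping matters in practice: an iframe smuggled inside a `foreignObject` carries the XHTML namespace, and `xlink:href` is a namespaced attribute, so a scanner that matches on raw tag names alone misses both.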
Seasonality and Timely Attacks
Catalyn inquires about the prevalence of specific attack techniques during certain periods. Josh confirms that email threats exhibit strong seasonality, aligning their tactics with timely events such as tax season, holidays, and other significant periods.
Josh Kamjoo [08:27]: “There's definitely 100% a seasonality to the email threat landscape... we're seeing tax season-themed attacks aiming for credential theft and malware delivery.”
He provides examples of sophisticated attacks, including phishing campaigns masquerading as legitimate tax documents, which deliver payloads like Remote Access Trojans (RATs) through layered malicious content.
Commoditization and Mass Production of Complex Attacks
The conversation shifts to the accessibility of advanced attack methods. Josh asserts that multi-stage and sophisticated email attacks are now commoditized, making them accessible for mass-scale operations rather than being limited to high-value targets.
Josh Kamjoo [10:47]: “These are commoditized now... many phishing kits and AI-generated tools are available, enabling mass volume attacks with increasing sophistication.”
He anticipates further advancements as generative AI tools become more integrated into adversaries' arsenals, allowing for more personalized and conversational phishing attempts at scale.
Sublime Security’s Adaptive Detection Strategies
Addressing the evolving threat landscape, Josh outlines how Sublime Security adapts to new attack techniques. He describes their innovative approach to real-time detection, which leverages foundational models like fine-tuned BERT for natural language processing and computer vision models.
Josh Kamjoo [12:58]: “We have a control layer that acts as a programmable interface, allowing us to adapt rapidly without retraining our models. This combination enables us to respond swiftly to new threats.”
Sublime Security’s system employs a domain-specific language (DSL) that accesses raw signals from various models, facilitating the creation of dynamic detection rules and enhancing the platform’s ability to identify and mitigate previously unknown attack vectors.
Conclusion
Catalyn wraps up the discussion by appreciating Josh’s insights into the dynamic and increasingly sophisticated landscape of email threats. The episode underscores the importance of adaptive security measures and the role of advanced technologies in staying ahead of evolving cyber adversaries.
Josh Kamjoo [14:02]: “That was cool, man.”
Notable Quotes
- Josh Kamjoo [01:13]: “AI has made it worse. We've seen what looks to be almost certainly AI-generated attacks... adversaries use Gemini to conduct their ops.”
- Josh Kamjoo [03:31]: “SVG smuggling presents interesting detection challenges at the email layer... SVGs support JavaScript, iframes, and various HTML attributes like onload and onerror.”
- Josh Kamjoo [08:27]: “There's definitely 100% a seasonality to the email threat landscape... we're seeing tax season-themed attacks aiming for credential theft and malware delivery.”
- Josh Kamjoo [10:47]: “These are commoditized now... many phishing kits and AI-generated tools are available, enabling mass volume attacks with increasing sophistication.”
- Josh Kamjoo [12:58]: “We have a control layer that acts as a programmable interface, allowing us to adapt rapidly without retraining our models. This combination enables us to respond swiftly to new threats.”
This episode of Risky Bulletin offers valuable insights into the shifting dynamics of email-based cyber threats and showcases how Sublime Security is at the forefront of developing adaptive security solutions to counter these evolving risks. For listeners interested in cybersecurity trends and advanced email protection strategies, this discussion provides a comprehensive overview of the challenges and innovations shaping the current threat landscape.
