Google uses machine learning for new security features in Gmail

Enterprise customers can access the new protections over the next few days

Google has pushed four new security features to enterprise users on G Suite, the search giant's hosted business offering. The new protections come shortly after Citizen Lab report exposed a Russia-linked Phishing and disinformation campaign using Google services, including Gmail.

Google makes no mention of the Citizen Lab report in their posts on the new security features, but many of the protections take aim at common Phishing techniques used to steal data and credentials.

The Citizen Lab report describes a Phishing and disinformation campaign by Russian actors, which targeted more than 200 people across 39 countries.

Among those targeted were "a former Russian Prime Minister, members of cabinets from Europe and Eurasia, ambassadors, high ranking military officers, CEOs of energy companies, and members of civil society," the report notes.

One of the first emails sent in the campaign tracked by Citizen Lab was a fake security warning, allegedly from Google, delivered to the victim's Gmail account. The malicious link embedded within the message used an open redirect hosted by Google, pointed to a spoofed Gmail log-in page designed to harvest credentials. The use of the redirect gave the link a legitimate appearance, as a passive glance at the URL would show a Google domain.

On Wednesday, five days after the Citizen Lab report was published, Google announced the launch of four new features in G Suite, including one that uses machine learning to help block spam and Phishing. While the two might not be related, it shows that Phishing is an ongoing fight - something Google has become well aware of over the years.

The anti-Phishing measure works by selectively delaying some messages (less than 0.05 percent) to perform Phishing analysis. This process is further backed by integration with Google Safe Browsing for detection of suspect URLs.

"These new models combine a variety of techniques such as reputation and similarity analysis on URLs, allowing us to generate new URL click-time warnings for phishing and malware links. As we find new patterns, our models adapt more quickly than manual systems ever could, and get better with time," explained Andy Wen, Google's Senior Product Manager of Counter Abuse Technology.

Other security enhancements to G Suite include new DLP-based protections called unintended external reply warnings. These warnings will trigger if a person attempts to respond to someone outside of the company domain. Contextual intelligence will exclude existing contacts or people the user regularly interacts with.

Malicious attachments are another problem the latest G Suite update will address.

According to Sri Somanchi, Gmail Product Manager, "We now correlate thousands of spam signals with attachment and sender heuristics, to predict messages containing new and unseen malware variants."

This includes blocking file types with high risk, such as JavaScript and executables.

"Machine learning has helped Gmail achieve more than 99% accuracy in spam detection, and with these new protections, we’ve been able to reduce your exposure to threats by confidently rejecting hundreds of millions of additional messages every day," Somanchi added.

All of the enhancements will be available to each G Suite edition by the end of the week.

Show Comments