Google Claims Gmail Can Now Detect 99.9% of Malicious Document Attachments
- Google has revealed the first results of a new malware detection AI they’ve been using since the end of 2019.
- In conjunction with other protection systems that are in place, Gmail blocks 99.9% of the threats.
- There’s a large number of malware strains flying around Gmail each day, so only sophisticated AI tools can help its vast userbase at this point.
Google has announced that the company's advanced "deep learning" algorithms used by Gmail to warn users about spam, phishing attempts, and malware, are able to catch 99.9% of the threats. This admittedly impressive percentage is the result of the combination of novel machine learning systems and other existing protections that are in place. Gmail has recently turned to using a new generation of malware scanners for document attachments, which has increased the detection performance by 150%, while the number of detections went up by 10%. There are 300 billion attachments arriving in Gmail inboxes every week, and 63% of those blocked as malicious differ from day to day.
Source: Google Security Blog
The new malware scanner deploys the "TensorFlow" deep-learning AI that can parse documents and identify risk patterns. The system is able to extract macros from the attached documents, deobfuscate their content, and analyze the data against a set of common attack patterns. For now, the system is limited to scanning Office documents, but Google says they are planning to expand its coverage to more type files soon. Office files account for 56% of all the malware attachments that target Gmail users, so it’s important to focus there first.
Source: Google Security Blog
In most malware distribution and phishing campaigns, malicious actors opt for a document as their first step in the infection chain. We’ve repeatedly seen documents having nasty macros, exploiting Office vulnerabilities, fetching other payloads, or straight-out trying to trick the recipient and convince them about something untrue. As people remain the weakest link in the chain of security, the best way to deal with these threats is to block them right at the door, or at least mark them as spam/phishing attempts. This way, the risk of having people getting fooled by spammers is mitigated, and malicious campaigners see their success rates drop down to discouraging levels.
Source: Google Security Blog
Gmail is one of the most popular web-based email services in the world, having already surpassed 1.5 billion users globally. It is free, features a contemporary interface, offers apps for all major platforms, allows users to store up to 15 GB of stuff online, supports the sending of large files through GDrive, features two-factor authentication, and is generally well integrated with the rest of Google’s ecosystem. All that said, having advanced AI-based malware detection tools deployed in Gmail is crucial for the security of a big portion of the internet userbase, and it’s definitely good to see Google investing more on that part.