

Sponsored: Sublime Security on the spam/email bomb problem
May 25, 2025
Bobby Filar, Head of Machine Learning at Sublime Security, brings his expertise in email security to the forefront, discussing the alarming rise of spam bombing in corporate environments. He highlights how cybercriminals use these tactics as a gateway for initial access. The conversation dives into innovative machine learning features aimed at detecting unusual email volumes, combating social engineering, and enhancing threat detection. Bobby also shares insights into the role of Autonomous Security Analysts in automating the triage of suspicious emails, benefiting both security teams and junior analysts.
AI Snips
Email Bombing as a Social Engineering Tool
- Email bombing floods a user's inbox with many benign but overwhelming emails to soften them for social engineering attacks.
- This tactic includes follow-up calls or Teams invites to trick the user into giving remote access, leading to initial access breaches.
User-Specific Email Bomb Detection
- Sublime uses individual mailbox baseline models based on 30 days of message volume, velocity, and diversity.
- This user-specific modeling contrasts with global anomaly detection approaches, improving email bomb detection accuracy.
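
A sketch of per-mailbox baselining as described above, added here as an illustration; it is not Sublime's implementation. The hourly window, the 5-minute velocity span, the median/MAD scoring and the threshold are assumptions, and all sample traffic is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import median

WINDOW = timedelta(hours=1)     # assumed scoring window
BASELINE = timedelta(days=30)   # baseline length given in the snip
BURST = timedelta(minutes=5)    # assumed span for the velocity feature

def features(msgs):
    """(volume, velocity, diversity) for one mailbox-hour of (timestamp, sender_domain)."""
    times = sorted(t for t, _ in msgs)
    velocity, lo = 0, 0
    for hi, t in enumerate(times):          # sliding window: peak count within BURST
        while t - times[lo] > BURST:
            lo += 1
        velocity = max(velocity, hi - lo + 1)
    return len(msgs), velocity, len({d for _, d in msgs})

def robust_z(value, history):
    """Deviation from this mailbox's own median, scaled by MAD (floored for quiet mailboxes)."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    return (value - med) / (1.4826 * mad + 1.0)

def score_mailbox(msgs, now, threshold=6.0):
    """Flag the hour ending at `now` only if all three features are far above baseline."""
    n_hours = BASELINE // WINDOW
    buckets = defaultdict(list)
    for t, d in msgs:
        idx = (now - t) // WINDOW           # 0 = current hour, 1..720 = baseline hours
        if 0 <= idx <= n_hours:
            buckets[idx].append((t, d))
    current = features(buckets[0])
    hist = [features(buckets[i]) for i in range(1, n_hours + 1)]  # empty hours count as zeros
    zs = tuple(robust_z(current[k], [h[k] for h in hist]) for k in range(3))
    return all(z >= threshold for z in zs), zs

def constructed_hours(now, hours, per_hour, domains, gap_s):
    """Constructed sample traffic: per_hour messages, gap_s seconds apart, in each hour bucket."""
    return [(now - h * WINDOW - timedelta(seconds=gap_s * j), f"d{j % domains}.example")
            for h in hours for j in range(per_hour)]

NOW = datetime(2025, 5, 25, 12, 0)
QUIET = constructed_hours(NOW, range(1, 721), 2, 2, 1800)    # 2 msgs/hour, 2 sender domains
BUSY = constructed_hours(NOW, range(1, 721), 90, 45, 40)     # shared mailbox, 90 msgs/hour
BOMB = constructed_hours(NOW, [0], 90, 45, 20)               # 90 msgs, 45 domains, 30 minutes
ONE_SENDER = constructed_hours(NOW, [0], 90, 1, 20)          # noisy single sender, same volume

if __name__ == "__main__":
    for name, base, cur in [("quiet+bomb", QUIET, BOMB), ("busy+same hour", BUSY, BOMB),
                            ("quiet+one sender", QUIET, ONE_SENDER)]:
        print(name, score_mailbox(base + cur, NOW))
```

The same hour of traffic is flagged for the quiet mailbox and passes for the busy one, which is the case a single global threshold cannot separate.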
Responding to Email Bombs
- Organizations should automate quarantining or removing suspicious bulk emails detected during an email bomb.
- They must also alert users to beware of phishing or social engineering attempts following a bomb attack.