SAN FRANCISCO, November 2, 2023 - Abnormal Security, the leading AI-native cloud email security platform, today announced enhanced capabilities to detect QR codes in emails and parse their corresponding links. The signals extracted from parsing the QR codes, combined with Abnormal’s behavioral analysis across the broader email environment, strengthens the platform’s ability to detect and block malicious activity.
Recent data from Abnormal shows that QR codes are the primary attack vector in 17% of all advanced attacks targeting customer environments. As QR codes have risen in popularity, offering a convenient format for sharing information, threat actors have also begun to exploit their familiarity, including through credential phishing, extortion, and invoice payment fraud attacks. Attackers are increasingly crafting emails that contain malicious QR codes, often linking these images to a seemingly legitimate website, like a Google or Microsoft login page, and prompting recipients to enter their login credentials, which are then stolen or used to launch additional attacks.
“As threat actors continue to innovate, QR code attacks are on the rise, partly because they tend to work better than more traditional attack types,” said Mike Britton, chief information security officer at Abnormal. “They can be difficult to detect because unlike traditional email attacks, there’s minimal text content and no obvious URL. This significantly reduces the number of signals available for traditional security tools to analyze.”
In contrast, Abnormal takes a radically different approach to stopping advanced email attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events, and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. This is how Abnormal has historically detected attacks that use QR codes, including this quishing campaign detected in late 2021.
With the updated capabilities announced today, Abnormal has introduced models specifically designed to determine when an email contains a QR code, whether that is in the body of the email or in image and PDF attachments. The platform now parses the embedded link associated with the QR code, and ingests that information alongside other signals to identify and remediate malicious activity.
“The Abnormal platform already analyzes tens of thousands of signals across the email environment to pinpoint anomalies with high efficacy,” Britton continued. “And now, with the additional ability to accurately detect and parse QR codes, we’re enhancing our detection engine with yet another powerful signal and providing our customers with increased confidence in Abnormal’s ability to stay ahead of emerging threats.”
For more information on a recent QR code attack and additional product details, read this blog post.
About Abnormal Security
Abnormal Security provides the leading behavioral AI-based email security platform that leverages machine learning to stop sophisticated inbound email attacks and dangerous email platform attacks that evade traditional solutions. The anomaly detection engine leverages identity and context to analyze the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails and messages —all while providing visibility into configuration drifts across your environment. You can deploy Abnormal in minutes with an API integration for Microsoft 365 or Google Workspace and experience the full value of the platform instantly, with additional protection available for Slack, Teams, and Zoom. More information is available at abnormalsecurity.com.
Director of Communications