Abnormal Activity: Unveiling Abnormal Updates for Improved Detection, Investigation, and Productivity

Abnormal product enhancements improve detection efficacy, reporting on QR code attacks, productivity, and protection from account takeover.
February 8, 2024

Welcome to the latest installment of Abnormal Activity! This recurring quarterly blog and webinar series provides insights into the evolution of our product. In this edition, we're thrilled to unveil significant enhancements that can directly impact the detection, investigation, productivity, and reporting for your security team.

Join us as we showcase the exciting developments our team has been diligently working on, offering you a fresh perspective and a renewed appreciation for AI-native email security.

We also encourage you to join us for our Abnormal Activity webinar on March 6 at 1:00 pm ET. Register here.

Now, let’s dive into the updates!

Email Productivity for Google Workspace

Graymail messages inundate user inboxes with sales outreach, newsletters, and advertisements, overwhelming employees and eroding productivity. In 2022, Email Productivity was released as an add-on module to Inbound Email Security. To remove graymail messages from the inbox, Email Productivity applies the same behavioral AI, natural language processing (NLP), and natural language understanding (NLU) models used to stop inbound email attacks.

Email Productivity is now available for Google Workspace environments. When deployed in a Google environment, Email Productivity will automatically remove promotional messages from the inbox and place them into a graymail label, as seen below. This results in measurable productivity gains.

Prod Q4 1

Filter for QR Code Attacks Detected by the QR Code Detector

Attackers are increasingly crafting emails that contain an image attachment of a malicious QR code. To combat this threat, Abnormal previously released a QR code detector which works in tandem with behavioral AI to detect and remediate emails containing a malicious QR code.

Customers can now filter Threat Log to view all attacks remediated by the QR code detector. This enhancement provides valuable insights into the frequency of QR code attacks and allows for a more targeted analysis of security threats.

Deeper Insights and Confidence Scores in Email Account Takeover Protection Enhance Investigation

In this latest enhancement of Abnormal Email Account Takeover Protection, Abnormal Cases have been enriched with contextual insights detailing why an event triggered a case and which signals helped determine that the event was suspicious. Abnormal Cases will now highlight how frequently a user (and in certain cases, the company itself) was associated with analyzed signals such as IP addresses, ISPs, browsers, locations, etc., ultimately helping to determine when the use of one of these signals is suspicious.

Additionally, Cases will now be assigned a Confidence Score: A ‘High’ score requires immediate attention, a ‘Medium’ score indicates a “potential risk” that should be investigated, and a ‘Low’ score is attributed to notable or suspicious events that may be unusual but are not anomalous enough to label as an urgent threat.

To reduce noise, Cases in the Account Takeover Protection list view will be segmented based on confidence to give immediate visibility into the highest priority Cases, while still providing quick access to the other suspicious user cases that are not considered active account takeovers.

Prod Q4 3

Accelerated Scanning of Reported Emails for Abuse Mailbox Automation

Abuse Mailbox Automation automatically triages and remediates user-reported emails and marks them as malicious, spam, or safe. When a malicious email is identified, Abuse Mailbox will intelligently locate and remove other unreported emails within the same phishing campaign.

Abnormal has introduced new large language models to accelerate the analysis of messages reported to Abuse Mailbox Automation.

Detection Enhancements

In the relentless pursuit of detection excellence, Abnormal consistently invests in improvements to its AI-native detection engine. By implementing new detectors and leveraging additional data, we aim to amplify the detection engine’s overall effectiveness at identifying new and emerging attacks, such as the real-world example below.

Prod Q4 4

In this image-based attack, the attacker employs urgent subject lines and attachments to induce a rushed response from the recipient. This attack also passed an SPF check, which could make it appear more legitimate to the recipient. The content of the attack is embedded in the image to intentionally thwart detection. Abnormal was able to detect this attack with a natural language processing (NLP) based model. In this new enhancement, Abnormal trained a character-level NLP model to detect a slice of attacks where the subject, display name, and from email fields are sufficient to judge a message accurately.

We are excited to share a series of detection enhancements and new detectors:

  • Improved detectors to identify new OnMicrosoft backscatter attacks. In these attacks, spammers use real email addresses to receive bounce messages for messages the recipient didn’t send.

  • Implementation of detection mechanisms to enhance the identification of Netflix impersonation phishing attacks, particularly those masquerading as subscription renewal notices.

  • New detection improvements for attack messages that consist of top impersonated brands using legitimate attack vectors to collect sensitive information.

  • Enhanced detection rate to more effectively identify instances of display name impersonation involving the company name in attacks.

New detectors:

  • New detector to increase the detection rate of VIP impersonations sending potential invoice fraud.

  • New detector to better detect Meta impersonation emails leveraging Salesforce and Google notifications.

  • New detector to improve the detection rate of brand impersonation attacks where attackers utilize spacing in the sender’s name for obfuscation.

  • New detector to stop attacks that contain hidden text and appended conversations.

  • New detector to increase the detection rate of DocuSign name impersonation attacks.
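
To make the spacing-obfuscation case from the list above concrete, here is an added example (not Abnormal's detector or code) of a simple rule a mail pipeline could apply: collapse the display name, compare it to a brand list, and check the sender domain. The brand allow-list, function names, and sample headers are assumptions constructed for this illustration; NFKC folding also catches compatibility characters such as full-width letters, which goes slightly beyond plain spacing.

```python
import unicodedata
from email.utils import parseaddr

# Constructed allow-list: brand token -> domains treated as legitimate senders.
BRAND_DOMAINS = {
    "docusign": {"docusign.com"},
    "netflix": {"netflix.com"},
}

def collapse(name):
    """NFKC-normalise and casefold, then keep only letters and digits.

    This drops ordinary spaces, non-breaking and zero-width spaces, and
    punctuation, so "D o c u S i g n" and "DocuSign" compare equal.
    """
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())

def spaced_brand(from_header):
    """Return the brand a From header imitates through spacing, else None."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].casefold()
    raw, squeezed = display.casefold(), collapse(display)
    for brand, domains in BRAND_DOMAINS.items():
        # Brand is visible only after separators are removed: obfuscated.
        hidden = brand in squeezed and brand not in raw
        trusted = any(domain == d or domain.endswith("." + d) for d in domains)
        if hidden and not trusted:
            return brand
    return None

# Constructed sample headers (not taken from real mail).
SAMPLES = [
    '"D o c u S i g n" <notify@mail-docs.example>',
    "N\u200be\u200bt\u200bf\u200bl\u200bi\u200bx Billing <renew@billing.example>",
    "DocuSign <dse@docusign.com>",
    "Quarterly Report <finance@corp.example>",
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(repr(header), "->", spaced_brand(header))
```

A hit is one signal to combine with others rather than a verdict: a benign name such as "Planet Flix" also collapses onto a brand string, and an unobfuscated brand name from an unrelated domain is deliberately left to a separate check.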

In addition to the enhancements above, Abnormal consistently retrains its detection models to dynamically respond to evolving attack patterns observed in the Abnormal environment. This proactive approach boosts our ability to detect unprecedented and novel malicious attacks.

What’s Next For Abnormal?

Abnormal is committed to further refining its current product offerings and detection capabilities, while simultaneously developing new and exciting products and features to further secure our customers’ environments. To get a sneak peek at our roadmap, register for the Abnormal Activity product update webinar on March 6 at 1:00 pm ET. To learn more about what Abnormal can do for you today, request a demo below.
