Abnormal Blog

Here’s an in-depth analysis of the 62 most prominent ransomware groups and their activities since January 2020.

See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses to coerce victims to pay fraudulent vendor invoices.

Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.

Threat actors are posing as businesses and individuals seeking tax preparation services and then providing copies of the Sorillus client remote access tool (RAT).

Actors are now exploiting the customer contact form on websites to bypass email security and encourage BazarLoader downloads.

Looking at the overall volume trends, there have been two main spikes in ransomware activity over the last two years.

As part of our research, we dove into why ransomware has changed and how each variable influences the overall threat of ransomware in distinctly different ways.

New research from the Abnormal Threat Intelligence team shows that ransomware delivery methods have evolved, payouts are growing in frequency and total cost, and there are more malicious actors participating in ransomware than ever before.

When the typical person thinks about cybercrime, they may think of ransomware or identity theft, or perhaps the ubiquitous Nigerian prince scams targeting their unsuspecting grandmother

Over the last few days, Abnormal has successfully blocked multiple attempts by attackers to deliver emails similar to these to our customers’ unsuspecting end users.

As major social media platforms have expanded the ability of creators to monetize their content in the last few years, they and their users have increasingly found themselves the targets of malicious activity. TikTok is now no exception.

On August 12, 2021, we identified and blocked a number of emails sent to Abnormal Security customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies’ networks with ransomware. These emails allege to come from someone with ties to the DemonWare ransomware group.

Abnormal Security recently detected two new types of attacks where scammers are targeting victims by redirecting their own Microsoft 365 out-of-office replies as well as read receipts back to them. These tactics indicate attackers are using every available tool and loophole...

Abnormal recently detected campaigns targeting our customers where malicious actors will impersonate major brands and reach out to accounting teams to ask if there are any outstanding invoices for the company they are impersonating. Abnormal classifies these messages...