Abnormal Blog

Discover how threat group Chiffon Herring leverages impersonation and spoofed email addresses to divert paychecks to mule accounts.

In this attack, threat actors impersonate a teacher to deliver Matanbuchus malware-as-a-service (MaaS) using a Google Drive link.

The number of ransomware attacks continued its downward trend in Q2 2022. Learn why and discover more about ransomware threat actors and targets.

Introducing Abnormal Intelligence—your go-to resource for expert insights into emerging cyber threats and email attack trends.

Understanding the ways cybercriminals execute financial supply chain compromise is key to preventing your organization from falling victim to an attack.

Financial supply chain compromise, a subset of business email compromise (BEC), is on the rise. Learn how threat actors launch these sophisticated attacks.

Executives are no longer the go-to impersonated party in business email compromise (BEC) attacks. Now, threat actors are opting to impersonate vendors instead.

Here’s an in-depth analysis of the 62 most prominent ransomware groups and their activities since January 2020.

See how threat actors used a single mailbox compromise and spoofed domains to subtly impersonate individuals and businesses to coerce victims to pay fraudulent vendor invoices.

Like all threats in the cyber threat landscape, ransomware will continue to evolve over time. This post builds on our prior research and looks at the changes we observed in the ransomware threat landscape in the first quarter of 2022.

Threat actors are posing as businesses and individuals seeking tax preparation services and then providing copies of the Sorillus client remote access tool (RAT).

Actors are now exploiting the customer contact form on websites to bypass email security and encourage BazarLoader downloads.

Looking at the overall volume trends, there have been two main spikes in ransomware activity over the last two years.

As part of our research, we dove into why ransomware has changed and how each variable influences the overall threat of ransomware in distinctly different ways.

New research from the Abnormal Threat Intelligence team shows that ransomware delivery methods have evolved, payouts are growing in frequency and total cost, and there are more malicious actors participating in ransomware than ever before.

When the typical person thinks about cybercrime, they may think of ransomware or identity theft, or perhaps the ubiquitous Nigerian prince scams targeting their unsuspecting grandmother

Over the last few days, Abnormal has successfully blocked multiple attempts by attackers to deliver emails similar to these to our customers’ unsuspecting end users.

As major social media platforms have expanded the ability of creators to monetize their content in the last few years, they and their users have increasingly found themselves the targets of malicious activity. TikTok is now no exception.

On August 12, 2021, we identified and blocked a number of emails sent to Abnormal Security customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies’ networks with ransomware. These emails allege to come from someone with ties to the DemonWare ransomware group.

Abnormal Security recently detected two new types of attacks where scammers are targeting victims by redirecting their own Microsoft 365 out-of-office replies as well as read receipts back to them. These tactics indicate attackers are using every available tool and loophole...

Abnormal recently detected campaigns targeting our customers where malicious actors will impersonate major brands and reach out to accounting teams to ask if there are any outstanding invoices for the company they are impersonating. Abnormal classifies these messages...