
Fall 2023 Product Recap: Enhanced Detection Capabilities Target Quishing and MFA Bypass

Abnormal product enhancements improve detection against quishing and MFA bypass in conjunction with deeper insights, visibility, and data correlation.
November 15, 2023

As Fall swept in, Abnormal didn’t leaf any room for mediocrity. In fact, we released a suite of impactful product enhancements aimed at strengthening our core detection capabilities while providing increased visibility for our customers.

All puns aside for now, these enhancements truly showcase the Abnormal commitment to thwart email and email-like attacks and automate customers’ security operations.

We are excited to review these enhancements and preview our 2024 roadmap during a live webinar on December 5 at 1:00 pm ET. Click here to register!

Can’t wait for the webinar? Continue reading to learn about the specific enhancements we’ve released in the last few months to improve our products.

Improved Protection Against Advanced Attacks

Detecting Malicious QR Code Attacks

Over the past few months, there has been an increasing number of phishing attacks deployed through the use of malicious QR codes. This attack method, also known as “quishing,” makes up approximately 17% of all advanced attacks that bypass native spam/junk filters, according to Abnormal data. Threat actors encode these QR codes with malicious links that often direct to what appears to be a legitimate website, such as a Google or Microsoft login page. Unfortunately, when a victim enters their login credentials, the attacker can steal and use those credentials to launch additional attacks.

To address this threat, Abnormal has updated its defense strategies and released a QR code detector that can extract links from QR codes for further analysis. This detector works with Abnormal behavioral AI detection to provide a powerfully complete solution to the rise of these threats. This enhancement will improve the detection of such attacks, and optimistically, we anticipate a reduced frequency of having to say "quishing" as a result.

Detect the Signs of MFA Bypass in Account Takeover Protection

Recent attacks on government agencies and major corporations have highlighted the ability of threat actors to bypass MFA. The attackers rely on stolen or forged session tokens to gain access to an account while avoiding typical authentication processes. From there, attackers establish persistence through social engineering, convincing IT teams to reset credentials and MFA devices. If the new device is approved, subsequent sessions may appear to be legitimate, making it very difficult to detect when these attacks have occurred.

To help detect and combat these tactics, we have added new signals to our Account Takeover Protection solution. Abnormal can now detect suspicious device registration that could indicate an attacker has manipulated the account and may be attempting to establish persistence. A new, unknown device could be registered to validate MFA requests. When done in conjunction with additional suspicious behaviors, this could indicate an attacker establishing complete control of an account they had initially compromised via session hijacking or another MFA bypass tactic.

New Security Posture Events to Help Stop Consent Phishing

Consent phishing attacks occur when users or an application grants OAuth access. These attacks can bypass email security tools by using legitimate domains or compromised vendors to appear as legitimate requests. If consent is granted, an attacker can breach the organization.

Abnormal Security Posture Management can now surface when a new application has been granted a new permission, when a new user has been added to a mail tenant, and when users are assigned to an application. This enhancement mitigates the risk of an attacker tunneling deeper within an organization by helping uncover when a malicious application may have been granted access.

Deeper Insights, Visibility, and Correlation

Enhanced Explainability in Abnormal Cases

Abnormal deploys AI models to understand each organization and detect malicious activity with high precision. As an AI-native security company, we are dedicated to providing easy-to-understand explanations of why a threat is deemed a threat.

Abnormal Cases lays out a comprehensive timeline of events that led to determining an account has been compromised. Each event is enriched with insights into why a specific activity was considered suspicious. Customers can now gain even deeper visibility into anomalous activity, including detection confidence and why an event triggered a case. This streamlines investigations for customers, whether in the Abnormal Portal or in a SIEM, after exporting case events.

New Integration with CrowdStrike Fal.Con XDR

Email and endpoint devices remain the most highly-attacked entry points into an organization. Without native connections between email and endpoint security tools, security teams bear the burden of manually correlating signals from multiple security domains.

Thanks to a new integration, CrowdStrike Falcon® Insight XDR customers can now ingest the Abnormal AI-powered signals and data to gain cross-domain visibility from their endpoint, identity, and network security solutions. This provides greater insight into the most sophisticated socially engineered email attacks facing their environment while reducing the time required to triage those attacks.

What’s Next For Abnormal?

Abnormal has some exciting product enhancements lined up to round out 2023, and even more exciting releases planned for 2024. To get a sneak peek at our roadmap, register for our product update webinar on December 5 at 1:00 pm ET. To learn more about what Abnormal can do for you today, request a demo below.
