Reporting on COVID-19 Attacks in the Abnormal Portal

March 31, 2020

Abnormal Security

Ken Liao

This is part 3 of the 3-part series on COVID-19 and email attacks. Attackers are using fear and urgency of the COVID-19 backdrop as employees start shelter-in-place routines. These attacks are never-before-seen and being delivered to employee inboxes. Our 3-part series includes:

  1. Attack landscape: in part one, we discuss the landscape of attacks that are entering mailboxes, the traits of the attacks, and the goal of the attacker.
  2. Abnormal protection measures: in part two, we discuss the measures taken by the Abnormal Security detection platform to detect and protect against this new type of attacks.
  3. Reporting on COVID-19 attacks in the Abnormal portal (this blog): in part three, we discuss how customers can see and report on the attacks that Abnormal is detecting and preventing from hitting their employees’ inboxes with newly created filters.

In addition, in our COVID-19 Resources Center, see examples of actual attacks Abnormal Security has detected, along with a deep dive that dissects the attack facets being employed to engender fear, urgency, and engagement with the recipient.

Reporting on COVID-19 Attacks

We understand that many of our customers are being asked by the business about the preparedness of the organization against COVID-19 attacks, particularly in light of the sudden move many organizations have made to working from home.

Abnormal Security has been catching COVID-19 / Coronavirus themed email attacks as soon as they appeared earlier in the year without any updates to our detection models. Read more in part two of our blog series.

In order to provide better visibility on the COVID-19 attacks that are targeting your specific environments, we have tuned our models in order to granularly categorize these attacks. To be clear, these attacks were being stopped without the new models. The new models simply allow COVID-19 specific classification. This has further enabled a new filter in our portal that allows you to create a report on COVID-19 attacks.

To create this report, navigate to the Threat Log within the Abnormal Security portal. Click on the Filter By “+”, which brings up the filter options. In the lower right hand corner, select the “COVID-19 Attacks”.

Here’s an example of all COVID-19 attacks that are phishing for credentials:

This report can be exported to a CSV for your convenience. You are also welcome to contact our Customer Success team to assist in assembling material to share with your executive teams such as the example below.

More information on the attacks that we’re identifying can be found at our Threat Center as well as our COVID-19 Resource Center.

Subscribe to receive twice-monthly updates of the latest attacks we've detected in the wild:

Related content

Like our article? Share our content