Abnormal Releases

Learn about recent enhancements to Abnormal's behavioral AI security platform.
December 8, 2022
Inbound Email Security
Attack Detection

Aggregate Detection Model Enhancements

Multiple enhancements that detect anomalies in the aggregate have been added to our detection model.

To better detect malicious use of third-party hosting services like OneDrive and DocuSign, Abnormal added aggregate signals on the sender and recipient level for file-sharing domains. Using frequency metrics, the new aggregate signals detect how often a user sends document-sharing links and how often recipients receive uncommon file-sharing domains to help identify suspicious file-sharing behavior.

As threat actors are constantly shifting that tactics to increase their success rate, we’ve seen the use of image anchors weaponized to contain malicious links. The updated detection model also better identifies images correlated with these types of hidden malicious payloads.