R&D Release Notes - Week of December 2, 2024
Summary of Weekly Accomplishments
We’ve enhanced our detection capabilities across various threats, including image-based malicious redirects, credential phishing with QR-coded PDFs, and Bitcoin extortion scams. Additionally, we’ve improved integration with Azure Sentinel, enabling more robust ingestion of Threat Log data to support our expanding platform.
Weekly Attack Highlight
This week’s attack spotlight covers a phishing campaign that uses deliberately corrupted Word documents to harvest Office 365 credentials. Threat actors sent benefits-themed emails carrying documents that were damaged enough to defeat attachment scanners yet still recoverable through Word’s built-in repair prompt, and that were tailored with the targeted company’s logo and employee names. Each document contained a QR code that, when scanned (typically with a personal phone, so the link is followed off the monitored endpoint), sent the victim to a convincing clone of the Office 365 login page.
The attack slipped past traditional secure email gateways (SEGs) on two fronts: the corrupted attachments could not be parsed by static file scanners, and the emails were sent from domains that passed SPF and DMARC checks. A passing authentication result is not a sign of safety here; SPF and DMARC only confirm that the message came from the domain it claims, which any attacker-registered or compromised domain satisfies. Abnormal’s behavioral AI nonetheless identified anomalies in sender behavior, unusual email content, and previously unseen URLs, enabling early detection and remediation.
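The evasion described above works because a strict ZIP parser (which is what a .docx is) aborts as soon as the central directory is missing, while Word’s repair path simply walks the local file headers and recovers the parts. A scanner that only ever tries the strict parse never sees the embedded image carrying the QR code. The following added example (my own illustration, not Abnormal’s detection code) builds a small docx-like ZIP in memory, strips its central directory the way such samples are damaged, shows that `zipfile` rejects it, and then carves the entries back out the same way Word does so the attachment can still be assessed. The part names, the sample text, and the `flag` rule (docx that fails strict parsing but recovers with embedded media) are assumptions for the demo; the image bytes are a placeholder, not a real QR code.

```python
"""Added example: detect Office attachments that are corrupted for strict
ZIP parsers but still recoverable by Word's repair prompt (not vendor code)."""
import io
import struct
import zipfile
import zlib

LOCAL_HEADER_SIG = b"PK\x03\x04"

# Constructed sample parts (minimal, not a real Word document).
SAMPLE_PARTS = {
    "[Content_Types].xml": b"<Types/>",
    "word/document.xml": b"<w:document><w:body><w:p>Open Enrollment 2025 - "
                         b"scan the QR code to review your benefits</w:p>"
                         b"</w:body></w:document>",
    # Placeholder image bytes standing in for a QR-code PNG (assumption).
    "word/media/image1.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 64,
}


def build_docx(parts: dict) -> bytes:
    """Write the parts into a valid ZIP container, as Word would."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in parts.items():
            zf.writestr(name, data)
    return buf.getvalue()


def corrupt_central_directory(docx: bytes) -> bytes:
    """Drop the central directory and end-of-central-directory (EOCD) record.
    The local entries survive, which is exactly what Word's repair needs and
    what strict parsers refuse to touch."""
    sig, _, _, _, _, _, cd_offset, _ = struct.unpack("<4sHHHHIIH", docx[-22:])
    if sig != b"PK\x05\x06":
        raise ValueError("expected an EOCD record with no archive comment")
    return docx[:cd_offset]


def carve_entries(blob: bytes) -> dict:
    """Recover entries by walking local file headers, ignoring the central
    directory entirely. Handles stored and deflated entries, and deflated
    entries whose sizes live in a trailing data descriptor (flag bit 3)."""
    entries = {}
    pos = 0
    while True:
        pos = blob.find(LOCAL_HEADER_SIG, pos)
        if pos < 0 or pos + 30 > len(blob):
            break
        (_, _, flags, method, _, _, _, csize, _, nlen, xlen) = struct.unpack(
            "<IHHHHHIIIHH", blob[pos:pos + 30])
        name = blob[pos + 30:pos + 30 + nlen].decode("utf-8", "replace")
        data_start = pos + 30 + nlen + xlen
        if method == 0:          # stored: length comes from the header
            raw = blob[data_start:data_start + csize]
            consumed = csize
        elif method == 8:        # deflate: stream until the final block
            d = zlib.decompressobj(-15)
            raw = d.decompress(blob[data_start:])
            consumed = len(blob) - data_start - len(d.unused_data)
        else:                    # unknown method: skip by declared size
            raw, consumed = b"", csize
        entries[name] = raw
        pos = data_start + consumed
    return entries


def assess_attachment(filename: str, blob: bytes) -> dict:
    """Strict parse first; on failure, carve. A docx that only parses by
    carving and still carries media is the evasion pattern worth flagging
    (assumed rule for this demo)."""
    strict_ok = True
    try:
        with zipfile.ZipFile(io.BytesIO(blob)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        strict_ok = False
        names = list(carve_entries(blob))
    looks_like_docx = any(n == "[Content_Types].xml" or n.startswith("word/")
                          for n in names)
    media = [n for n in names if n.startswith("word/media/")]
    verdict = {
        "filename": filename,
        "strict_zip": strict_ok,
        "looks_like_docx": looks_like_docx,
        "embedded_images": media,
        "corrupted_recoverable": (not strict_ok) and looks_like_docx,
    }
    verdict["flag"] = verdict["corrupted_recoverable"] and bool(media)
    return verdict


def demo():
    """Return verdicts for the intact and the corrupted sample."""
    clean = build_docx(SAMPLE_PARTS)
    damaged = corrupt_central_directory(clean)
    return (assess_attachment("benefits.docx", clean),
            assess_attachment("benefits.docx", damaged))


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The design point is that the carver does not try to validate the archive; it only needs to recover enough of the document to hand the embedded images to whatever QR-decoding or detonation step comes next. A file with a Word extension that fails `zipfile` but yields `word/` parts on carving is itself a strong signal, independent of what the QR code resolves to.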