Use Case: Malware - Attachment

Learn how Abnormal detects and stops malicious attachments before they reach your end users.

Watch the video to see how Abnormal discovers and blocks malicious attachments.

Video Transcript

Abnormal is very uniquely positioned to detect attacks that don't have any traditional payload—no links, no attachments. But let's take a look at what Abnormal is able to do with those types of attacks that do have a payload with an attachment. In this case, it's going to be an attachment leading to some sort of malware taking place here.

In this case, if we take a look at the body of the email, it's very simplistic. It's very text-based, right? This is coming from what looks to be an external sender—likely a compromised sender that we have taking place here and likely a vendor of ours. We can see this is simply saying, "Hi, good day. Please see your KRA for the month of May 2021. Any questions for your performance, please let me know." We come down here and we see, again, there are no links, but we do have a couple of attachments.

The first attachment is just a basic .htm that looks like it's going out to the website of the compromised user that's sending this. But we also have this nice .xlsm where we're probably gonna try to run some macros. And this may look familiar to you as a very common tactic that was being used here.

This is not a real Microsoft message. This is the threat actor putting this text in here saying, "Hey, this document's protected." For you to see the content, you simply need to hit this Enable Content button, which will have those macros run. And they can do a multitude of different things that take place there once those macros are disabled. So this is the way for the threat actor to get past that traditional Microsoft protection for these types of attachments.

Looking at how Abnormal would uniquely detect this attack, we have a ton of different indicators.

For one, we don't typically see this sender sending emails with this type of language. We also have this suspicious attachment, right? We see the macros being run here, which is a very common thing that we see with malware attacks. Next, this is not a very common attachment that this specific user receives. So not only does this person not send these types very often, but this person doesn't typically receive these types of emails. And lastly, as we see in this suspicious Excel attachment, by our behavioral understanding of it, we see a sheet with a lot of empty cells—another very common pattern with these malware and credential phishing-based attacks.

So we did accurately determine that this email, based on all these indicators and actually several others, this attack was malware and we would've automatically remediated it so the user never would've seen this email.
