Use Case: Payloadless Malware

Discover how Abnormal prevents text-only emails that direct employees externally to download malware.
Watch the video to see how Abnormal detects malware attacks that have no payload.

Video Transcript

Let's take a look at an example of an attack that we're starting to see a lot more frequently. This is going to be one of those call center scam types of emails.

So if we click into this here, we can actually take a look at this email. We look at the sender address and we see it's coming from a friendly name McAfee Support, but of course, it's coming from this address. Some threat actor has registered this email address and is impersonating McAfee Support, and the body of this email is saying, "Hey, you've purchased this product from us. If you would like to dispute this purchase or if there's something wrong with this, please call us at this phone number right here." Of course, the real end user never purchased this.

The threat actor is trying to get them to engage with them and when they do call this phone number, when the end user calls this phone number, a multitude of different things could take place here. It could be as simple as the threat actor asking them to confirm their credit card number. Now that the end user has given up their credit card information.

But what we've been seeing with these really, really malicious attacks is the threat actor requests remote access to their machine so they can go and uninstall the software. But of course, instead of uninstalling any software, they're in there potentially exfiltrating data. They're installing malware; they're creating backdoors. There's a multitude of different things that a threat actor could do once they have that remote desktop session started.

This is also very difficult to detect for traditional security solutions. Since this is coming from a legitimate Gmail address, it's going to pass all of our sender authentication methods and it doesn't have any links or attachments. This is a purely text-based email.

So how is Abnormal able to uniquely detect this attack?

Well, first of all, we see this unusual sender. We typically don't see emails coming from this mcafeeinvoiceusa@gmail[.]com and we did call this out as a brand impersonation. Looking at the actual content of this email, we're seeing some language around personal information theft. We've seen emails like this in the past. And beyond that, we see this suspicious financial request and the potential to be stealing money, and that's all based on our natural language processing that we can see taking place right here. We can see the actual language called out specifically.

For this type of email, we are able to accurately detect it as phishing for sensitive data here, and we would go ahead and automatically remediate this email so the user would never have access to it.
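The transcript describes the signals that give a payloadless callback scam away: a brand name in the friendly (display) name paired with a free webmail sender, a body with no links or attachments, a phone number to call, and invoice or dispute language. The script below is an added illustration of that triage logic over two constructed messages; it is not Abnormal's detector, and the brand, free-mail and keyword lists are assumptions you would replace with your own telemetry.

```python
"""Heuristic triage for payloadless 'callback' phishing emails (added example).

Scores a raw RFC 5322 message on four defender-side signals: brand name in the
display name with a free-mail sender domain, no links or attachments, a phone
number in the body, and purchase/dispute language. The lists below are
constructed for this example and are not a production model.
"""
import re
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed lookup tables (assumption: populate these from your own data).
IMPERSONATED_BRANDS = {"mcafee", "norton", "paypal", "amazon", "microsoft"}
FREE_MAIL_DOMAINS = {"gmail.com", "outlook.com", "yahoo.com", "hotmail.com"}
FINANCIAL_TERMS = ("purchase", "invoice", "charged", "dispute", "refund",
                   "subscription", "renew")

URL_RE = re.compile(r"https?://|www\.", re.I)
# North American style numbers, e.g. (800) 555-0142 or 800.555.0142.
PHONE_RE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")

# Constructed sample: text-only invoice scam with a callback number.
SAMPLE_CALLBACK = b"""From: McAfee Support <mcafeeinvoiceusa@gmail.com>
To: employee@example.com
Subject: Your McAfee Total Protection purchase
Content-Type: text/plain; charset=us-ascii

Thank you for your purchase of McAfee Total Protection for $299.99.
If you did not authorize this charge or wish to dispute it,
please call our billing desk at (800) 555-0142 within 24 hours.
"""

# Constructed sample: ordinary internal reminder, should score zero.
SAMPLE_BENIGN = b"""From: Accounts Payable <ap@example.com>
To: employee@example.com
Subject: Q3 expense report reminder
Content-Type: text/plain; charset=us-ascii

Reminder: expense reports are due Friday. Submit them in the portal at
https://expenses.example.com/ as usual.
"""


def extract_body_text(msg):
    """Return the first text/plain body part, or '' if there is none."""
    part = msg.get_body(preferencelist=("plain",))
    return part.get_content() if part is not None else ""


def triage(raw_bytes, threshold=3):
    """Score one message and return {'score', 'verdict', 'reasons'}."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    body = extract_body_text(msg)
    text = f"{msg.get('Subject', '')}\n{body}".lower()

    reasons = []
    # 1. Brand impersonation: brand in friendly name, sender on free webmail.
    brand = next((b for b in IMPERSONATED_BRANDS if b in display.lower()), None)
    if brand and domain in FREE_MAIL_DOMAINS:
        reasons.append(f"brand '{brand}' in display name but sender is {domain}")
    # 2. Payloadless: nothing for a link scanner or sandbox to inspect.
    has_attachment = any(p.get_filename() for p in msg.walk())
    if not URL_RE.search(body) and not has_attachment:
        reasons.append("payloadless: no links or attachments")
    # 3. The lure asks the reader to call a number.
    phones = PHONE_RE.findall(body)
    if phones:
        reasons.append(f"callback phone number present: {phones[0].strip()}")
    # 4. Purchase/dispute language typical of fake-invoice lures.
    hits = [t for t in FINANCIAL_TERMS if t in text]
    if hits:
        reasons.append("financial/dispute language: " + ", ".join(hits))

    score = len(reasons)
    verdict = "suspected callback phishing" if score >= threshold else "no action"
    return {"score": score, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    for name, raw in (("callback", SAMPLE_CALLBACK), ("benign", SAMPLE_BENIGN)):
        result = triage(raw)
        print(name, result["score"], result["verdict"])
        for reason in result["reasons"]:
            print("  -", reason)
```

Each signal on its own is weak (plenty of legitimate mail has no links, and plenty has phone numbers), which is why the verdict requires several to coincide; in a real pipeline the keyword lists would be replaced by a trained language model and the sender check by a per-organisation baseline of who normally writes in.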

Want to know more? Request your personalized demo today.
