Improved Detection of Voicemail Phishing Attacks

Abnormal has made improvements to identify and stop Voicemail Phishing attacks, protecting end-users from malware and/or credential theft. Similar to other types of phishing attacks, voicemail attacks appeal to human curiosity and attempt to engage the target with a notification of a voicemail, tempting the user to open an attachment or click on a link.

Invoice Fraud Detection Updates

Abnormal Security now identifies the presence of an invoice, whether in PDF or in text-based form. This improves the overall fraud detection capabilities, though this represents only one of many factors that go into the detection.

Supply chain fraud represents a significant risk to your business as attackers exploit trusted business relationships between vendors and customers. Threat actors may launch an attack through vendor impersonation or attack from a compromised vendor account, often with the intent of delivering an invoice fraud attack.

COVID-19 Cyber Threat Coalition IOCs Ingestion

We now consume IOCs published by the COVID-19 Cyber Threat Coalition to ensure all available information is being leveraged in stopping COVID-19-themed attacks.

The COVID-19 Cyber Threat Coalition is a group of volunteers and organizations from the security community who have come together to stop cyber criminals who are taking advantage of the pandemic. 

APIs for Developers, SIEM and SOAR Integration

With Abnormal's API integration, you now have the ability to connect Abnormal Security with your existing security infrastructure and maximize your security investments. 

This latest integration enables the Abnormal Security platform to connect to your SOAR platform via Abnormal's REST API. The API is bi-directional: you can leverage the insights provided by Abnormal by pulling a list of threats or details of a specific threat, or you can use Abnormal as part of a response to take action on a specific threat or case.

Please contact your account specialist to learn more. 

Portal performance, Bitcoin attack detection update

More Portal Performance Improvements

A recent update provided a more than 2x improvement for the Dashboard and the Threat Log. Continued efforts have enabled those improvements to cascade to all other Portal pages.

Updates to Bitcoin Phishing Attack Detection

Attacks asking for Bitcoin payments (e.g., attempted blackmail) are not new. Abnormal Security has always been stopping these attacks, but as our team has observed the attackers evolving their techniques, we’ve made updates to continue detecting this category of threats.

Bug fix improvements: PDF download, remediation timestamp, IE support

Download PDF Report Fix 

PDF downloads of the dashboard are frequently used for stakeholder reporting. A fix was recently implemented to prevent multiple downloads from occurring when you clicked the "Download PDF Report" button.

Remediation Timestamp Accuracy 

The dwell time of a message within the end user's inbox is a critical measure of the risk exposure of any specific threat. With this recent update, the timestamp recorded and displayed now reflects the actual message remediation for accurate reporting of any potential dwell time.

Updates for IE 11 Support

Visual improvements have been made to support access to the portal from IE 11.

Subject search field improvement

The Filter By function in the Threat Log enables you to filter for specific attack types or search for sender, recipient or subject lines. The search capabilities have been improved to allow searches for non-word characters. This helps to account for cases with subject lines such as "re:", "fwd:", "[Action Required]", "@", "#", etc.

New: Email location list in campaign view

Abnormal Security classifies email attacks that are targeted at multiple recipients into campaigns. In the past, you would need to individually investigate each message to identify the folder location for each recipient. This recent enhancement makes your investigation and remediation more efficient by displaying the entire campaign in one view with the folder locations for each recipient.

This change can be seen within the email details page when you access the All Recipients modal.

Link extraction support + preview improvements

Link Extraction from Microsoft PowerPoint

As part of the analysis performed by ABX, links are extracted and analyzed. Links within files are extracted for analysis because attackers will often embed malicious links inside of files to avoid detection from URL analysis tools. This recent update added Microsoft PowerPoint to the list of supported file types for URL extraction.

Link Preview Enhancements 

As part of the analysis performed by ABX, links are extracted and analyzed. The Link Preview provides you the ability to quickly and safely view the contents of a link as part of the message review in the Threat Log. Malicious links may be short-lived, preventing a live preview of the page. The recent enhancements will highlight a cached screenshot of the site. If this URL is unavailable, you'll be notified with a message that the page is no longer available.

Abnormal platform improvements

Happy Friday! Here are the latest platform improvements from Abnormal Security:

Portal Performance Improvements

The responsiveness of the portal is important so security analysts can efficiently investigate incidents and review threats. To better serve your needs, we have reduced the latency of the interface - a performance improvement of more than 2x for both the Dashboard and the Threat Log.

ATO Detection Improvements

Abnormal has developed a new detection process that has significantly reduced Account Takeover (ATO) time to detection. Due to these improvements, ATO cases will now be surfaced 2x faster than previous cases. This will allow your teams to respond faster and minimize your organization's risk exposure. 

ATO Workflow

Abnormal has improved the ATO workflow to give more concise and clear information about the events causing the incident. Our email notifications and Portal display a more detailed explanation of the incident, enabling faster response. We’ve also improved the acknowledgement workflow to track what remediation actions you’ve performed on outstanding cases.

ABX Detection Improvements

The Abnormal engineering team has been rapidly evaluating new machine learning features to improve our proprietary ABX detection engine. In the week of April 6th, our team added 5+ improvements into our models, spanning Identity (improved vendor lookalike detection, email admin impersonation detection, etc.), Behavior (improved rare behavior detection), and Content (improved time urgency vocabulary detection) analysis.
