Abnormal Blog
Keep up with the latest news in cybersecurity with insight from our team of experts.
We caught a recent phishing attack through a fake Microsoft Teams email designed to steal Office 365 login credentials.
Companies have largely transitioned to working from home where they can in response to the current pandemic and are relying on conferencing software such as Cisco WebEx. Attackers are taking advantage of this transition to impersonate collaboration and...
Vendor email compromise, in which a compromised vendor sends invoice or payment attacks to their customers, is growing in popularity. An easier to detect method of this attack happens when a vendor is impersonated, rather than compromised. In this attack, the...
Financial institutions are common targets for attackers because of the amount of money in their control. Access to a user’s sensitive information would allow an attacker to commit identity theft, as well as steal any money associated with the account. Many of...
SurveyMonkey is a survey service that is normally used to host legitimate surveys. However, sometimes attackers will utilize file sharing and surveying sites like SurveyMonkey to host redirect links to a phishing webpage. By using these legitimate services...
Microsoft Office offers one-time purchase and subscription plans and has numerous official resellers for its products. Scammers use this fact as an opportunity to impersonate Microsoft and their resellers in order to steal sensitive user data, as well as for...
Abnormal Security has detected an increase in business email compromise (BEC) attacks that successfully compromise email accounts, despite multi-factor authentication (MFA) and Conditional Access. While MFA and modern authentication protocols...
When Abnormal Security was founded, our engineering and data science teams were focused on solving the toughest—and most expensive—email security problem for enterprises: business email compromise, or BEC. Fast-forward to today and Abnormal serves some of the largest enterprises...
Healthcare continues to be a preferred method for cyber attacks, and this attack features an impersonation of UnitedHealthcare in the form of a request for a claim. The email appears to originate from notifications@e-notifications.myuhc.com, which is an authorized...
When we founded Abnormal Security more than two and a half years ago, we met with 50 top CIOs and CISOs who told us two things: they needed a solution to stop a novel set of cyberattacks that increasingly bypassed legacy email security solutions, and they needed it...
Sophisticated social engineering email attacks are on the rise and getting more advanced every day. They prey on the trust we put in our business tools and social networks, especially when a message appears to be from someone on our contact list, or even...
At Abnormal Security, one of our key objectives is to build a detection engine that can continuously adapt to a changing attack landscape. As such, we want to ensure that our systems can rapidly adjust to recent and high-value messages—even with...
On October 21st, 2020, just two weeks before the US general election, many voters in Florida received threatening emails purportedly from the “Proud Boys." These attacks often included some personal information like an address or phone number, threatened violence...
Facebook phishing attacks are popular because users tend to use the same email address and password for other sites. In this attack, the cybercriminal impersonates Facebook to send out a phishing attack using a legitimate Facebook link.
Cybercriminals attempted a phishing scam to access cryptocurrency wallets by impersonating Ledger.
Attackers impersonated USPS while sending out phishing emails designed to steal payment credentials.
Because they contain the keys to the financial kingdom and allow attackers direct access to money, banks tend to be some of the most impersonated organizations. In this attack, attackers mimic an automated notification from BB&T in order to steal recipients' online banking...
PayPal is a well-known money transfer application, used often between friends and family as well as for small businesses. Because PayPal accounts are often linked to credit cards and bank accounts, the company itself is a commonly impersonated brand from attackers...
At Abnormal, the problems we are trying to solve are not that much different from those being tackled by other organizations, including large enterprises. What is unique to startups are the additional constraints placed on the solution space, such as the amount...
Gift card fraud has been a staple of cybercriminals for years. Converting gift cards into cash is quick and easy, and attackers are rarely pursued for conducting these scams. Once the attacker has the gift cards, they can use them to purchase items or sell them at a discounted...
Abnormal Security recently detected two new types of attacks where scammers are targeting victims by redirecting their own Microsoft 365 out-of-office replies as well as read receipts back to them. These tactics indicate attackers are using every available tool and loophole...
In a recent attack uncovered by Abnormal Security, the attacker impersonates LinkedIn to send a malicious attachment that could lead to identity theft. Once the attachment is opened, the victim is asked to put in personal identifying information, including their social security number.
At the core of all Abnormal’s detection products sits a sophisticated web of prediction models. For any of these models to function, we need deep and thoughtfully engineered features, careful modeling of sub-problems, and the ability to join data from a set of databases. For example, one type of email attack...
The prolific attack on SolarWinds and their partner ecosystem will forever change how we view supply chain security and the role email communication plays in it. As the events and details surrounding the attack continue to unfold, we have learned from the company itself...
When attempting to gain credentials to a Google account, the best brand to impersonate is likely Google. In this account, threat actors sent an urgent account message to trick recipients into inputting their Google credentials, hoping to trick...
This January, I joined Abnormal Security as a new grad Software Engineer. As you might expect in the midst of the COVID-19 pandemic, the onboarding process was entirely remote. Prior to graduating from MIT with my BS in Electrical Engineering and Computer Science, I had interned...
In this attack, attackers impersonate a company's Human Resources department and send a COVID-19 scan via a lookalike Microsoft Office 365 email. The original message to the recipient appears to originate from the company’s internal human resources email address.
Abnormal Security has a data-driven culture that permeates the entire organization, from the engineering team to product, sales, and beyond. We make decisions by analyzing data monitoring relevant metrics. For online analytics, we use a great tool called Grafana...
We are starting by eradicating advanced social engineering attacks through email. These attacks bypass traditional email security solutions and are a major problem for customers. Business email compromise (BEC) is the most dangerous cybercrime...
In a recent post, our Head of Platform & Infrastructure Michael Kralka discussed how Abnormal’s rapid growth has forced us to make our core services horizontally scalable. In-memory datasets that start off small become huge memory...
To detect account takeovers, Abnormal Security’s machine learning algorithms utilize many factors related to location, devices, and applications. However, until now, much of that information was not exposed to users. In an effort to be as customer-centric as possible...
You’ll find similar characteristics in BEC that you will in VEC. A common trait of BEC is it does not contain malware or malicious URLs, and due to that technique, it is able to bypass conventional email security measures like SEGs. BEC relies...
Developing a machine learning product for cybersecurity comes with unique challenges. For a bit of background, Abnormal Security’s products prevent email attacks—think credential phishing, business email compromise, and malware—and also...
Machine learning engineering is hard, especially when developing products at high velocity, as is the case for us at Abnormal Security. Typical software engineering lifecycles often fail when developing ML systems.
If an advanced attack finds its way into an employee’s inbox, you hope that they remember their security and awareness training and do not engage with it. However, there is always the risk that they engage with the message—clicking a...
Recent email attacks detected by Abnormal Security, combined with an analysis of historical attack data, indicate that email attacks related to federal taxes are likely to spike in the coming weeks in advance of the May 17th filing deadline. Tax-related attacks in 2021 have followed a...
Our ML pipeline powers a detection engine that catches the most advanced email attacks. These attacks are not only extremely rare, but also change over time in an adversarial way. Since we require both high precision and high recall, and the cost of any error is severe, it is essential...
As the details emerge on the ransomware attack that sent a major U.S. oil pipeline operated by Colonial Pipeline offline for a week, what we do know is that the likelihood the attack emerged from a malicious phishing email attack is extremely high. Earlier this week...
If you’re a podcast fan and haven’t subscribed to Masters of Scale yet, I’d highly recommend it. Reid Hoffman, one of the most successful entrepreneurs and investors of our time—cofounder of LinkedIn and investor in companies like Facebook, Airbnb, and Zynga—is the host, and he shares...
The threat actor behind the SolarWinds attack, the Russian-based Nobelium, has orchestrated another successful vendor email compromise attack, this time targeting the United States Agency for International Development (USAID). According to Microsoft’s...
As VP of Engineering here at Abnormal Security, I’ve had numerous conversations with our team, venture capitalists, and external engineering leaders about the challenges of building and leading engineering teams. Building applied machine learning products at scale requires solving a wide range of challenges...
Abnormal Security saw a significant increase in attacker activity in May 2021. Advanced email threats rose across virtually all industry sectors, with the median rate of advanced email-based attacks increased by 64% between the first and last weeks of May. The bulk...
It’s one thing to add machine learning and artificial intelligence features to an existing software platform. It’s quite another to build an entire company like Abnormal Security around machine learning technology, and to provide practical, everyday value to enterprise organizations.
Over the last three years building our ML-based cybersecurity products at Abnormal Security, I’ve benefitted enormously from discussions with colleagues in the ML space. This podcast aims to make some of those conversations available. In our second episode of Abnormal Engineering Stories...
A request for quote (RFQ) continues to increase in popularity as an attack type, as vendors are likely to open the attachments or click the links associated with these types of email. In this attack, attackers disguise harmful malware as a RFQ...
IRS email impersonations are widespread across all industries. These attacks vary in scale and victim, targeting both individuals and companies as a whole. This particular attack follows the growing trend of utilizing social engineering strategies for malicious engagement...
Security is now a $10 billion business for Microsoft, and the company is a leader in five Gartner Magic Quadrants—access management, endpoint management tools, cloud access security brokers, enterprise information archiving, and endpoint protection platforms. This validation proves that their customers...
Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $1.8 billion in reported losses in 2020 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact...
Identity theft is not a joke, impacting more than 14 million people each year in the United States alone. Over the course of their lifetime, nearly one-third of all people will become victims of identity theft—often as a result of a corporate data breach. Once attackers have access to identifying information like your full name, address, date of birth, and/or social security number...
Finding messages and purging them within a few clicks is a top priority for many of our customers. We’re pleased to announce that our new Search and Respond feature, designed to solve for this use case, is now available.
There is little doubt that business email compromise and other advanced email threats are causing significant damage–both financial and reputational—to organizations worldwide. Because these never-before-seen attacks contain few indicators of compromise, they evade secure email gateways and other traditional email infrastructure...
Discover how a security-driven RBAC design pattern allows Abnormal customers to maximize their user setup with minimum hurdles.
With school starting this month, cybercriminals are back in action—targeting university students in an attempt to steal valuable personal information. In a recent attack uncovered by Abnormal, a credential phishing attacker used a legitimate email account and created false urgency to steal student credentials through a phishing website.
At Abnormal Security, we’re constantly exploring opportunities to improve our customer’s user experience. In this blog post, we’d like to share Abnormal’s process to design a framework to identify gaps and improve customer’s first-time user experience to onboard our platform.
In engineering teams, there’s a mythical concept of a “10x engineer”— engineers who have 10x more impact and responsibility than the average engineer. Do these engineers actually exist? Is this a myth, or a possibility that engineers can realistically aim to become?
The primary value that Abnormal brings to email security is an advanced, ML-based detection system that can extract and analyze thousands of signals, identify patterns, and adapt over time to detect important attacks–without relying exclusively on threat intel or...
Abnormal Security prides itself on its differentiated technology and superior efficacy when it comes to stopping advanced email attacks. Despite the overwhelming effectiveness of our platform, like all advanced AI systems...
On August 12, 2021, we identified and blocked a number of emails sent to Abnormal Security customers soliciting them to become accomplices in an insider threat scheme. The goal was for them to infect their companies’ networks with ransomware. These emails allege to come from someone with ties to the DemonWare ransomware group.
No one wants to receive an email from human resources that they aren’t expecting. After all, that usually means bad news. And when we think there may be bad news, cybersecurity training tends to fall by the wayside. Threat actors know this, and they’re taking advantage of human emotions.
Working at hyper-growth startups usually means that unreasonable expectations will be thrust on individuals and teams. Demanding timelines, goals, and expectations can lead to high pressure, stress, accountability, and ultimately, extraordinary growth and achievements.
Credential phishing links are most commonly sent by email, and they typically lead to a website that is designed to look like common applications—most notably Microsoft Office 365, Google, Amazon, or other well-known...
Many companies aspire to be customer-centric, but few find a way to operationalize customer-centricity into their team’s culture. As a 3x SaaS startup founder, most recently at Orum, and a veteran of Facebook and Palantir, Ayush Sood...
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Happy Cybersecurity Awareness Month! Make sure your workforce is prepared to combat emerging threats all year with these 5 tips.
With an increase in threat actor attention toward compromising accounts, Abnormal is focused on protecting our customers from this potentially high-profile threat. We are pleased to announce that our new Automated Email Account Takeover (ATO) Remediation functionality is available.
As with every equation, there are always two sides and while it can be easy to blame users when they fall victim to scams and attacks, we also need to examine how we build and staff security teams.
Cybersecurity Careers Awareness Week is a great opportunity to explore key careers in information security, particularly as there are an estimated 3.1 million unfilled cybersecurity jobs. This disparity means that cybercriminals are taking advantage of the situation, sending more targeted attacks and seeing greater success each year.
Unfortunately, physically threatening extortion attempts sent via email continue to impact companies and public institutions when received—disrupting business, intimidating employees, and occasioning costly responses from public safety.
With Detection 360, submission to threat containment just got 94% faster, making it incredibly easy for customers to submit false positives or missed attacks, and get real-time updates from Abnormal on investigation, conclusion, and remediation.
What is unique to this campaign is that these messages contained QR codes offering access to a missed voicemail, handily avoiding the URL scan feature for email attachments present in secure email gateways and native security controls
Nearly six months ago, I joined Abnormal as a Product Designer, doubling the size of our Product Design team from one to two. In this time, we've shipped products that protect people against email threats, updated our design system, launched a new brand, and improved many processes. It’s been an exciting time to be at Abnormal, and the experience has made me a better designer.
One of our key objectives at Abnormal is to provide the highest precision detection to block all never-before-seen attacks. We stop a wide range of threats, encompassing everything from social engineering attacks and business email compromise to everyday spam, and we do it without requiring customers to create countless rules, as is the case with traditional secure email gateways.
As we close the books on another Cybersecurity Awareness Month, it’s clear that cybersecurity should be a priority all twelve months—not just one. To do so, security teams should emphasize practical tools (the what) and techniques (the how) to keep the company and employees safe.
As Abnormal grows, we have to maintain a scalable codebase across all areas of engineering to prevent issues around testing, maintainability, and documentation. When organizations scale, a common problem is that the codebase becomes cluttered, with multiple teams writing different code that accomplishes the same task.
Abnormal is focused on our customers, which is why we’re continually updating our product based on customer feedback. Our newest platform capabilities help customers maximize existing security investments with several integrations that will allow security operation centers (SOCs) to better respond to security events and align with internal workflows.
Tony Dong, Director of Engineering at Rippling, is no stranger to the diverse set of engineering problems that fast-growing startups create. Before building and leading his teams at Rippling, Tony was CTO and co-founder at PerShop, a YC backed startup, and Senior Engineer at Twitter, Periscope, and TellApart.
Since well-known hacker Kevin Mitnick helped popularize the term 'social engineering' in the 1990s, both physical and cybersecurity professionals have become increasingly aware of the risks associated with the human element. The idea itself, and many of the techniques associated with social engineering, have been around as long as there have been scam artists.
As major social media platforms have expanded the ability of creators to monetize their content in the last few years, they and their users have increasingly found themselves the targets of malicious activity. TikTok is now no exception.
One of the key objectives of the Abnormal platform is to provide the highest precision detection to block all never-before-seen attacks. This ranges from socially-engineered attacks to account takeovers to everyday spam, and the platform does it without customers needing to create countless rules like with traditional secure email gateways.
At Abnormal Security, we use a data science-based approach to keep our customers safe from the most advanced email attacks. This requires processing huge amounts of data to train machine learning models, build datasets, and otherwise model the typical behavior of the organizations we’re protecting.
On November 9, 2021, we identified an unusual phishing email that claimed to be from “Immigration Visa and Travel,” inviting the recipient to renew their membership in the TSA PreCheck program. The email wasn’t sent from a .gov domain, but the average consumer might not immediately reject it as a scam, particularly because it had the term “immigrationvisaforms” in the domain. The email instructed the user to renew their membership at another quasi-legitimate-looking website.
Our newest platform capabilities help customers streamline critical security workflows, like triaging phishing mailbox submissions or triggering tickets to investigate account takeovers, through automated playbooks. Doing so can decrease mean time to respond (MTTR) to incidents, further reducing any potential risk to the organization and eliminating manual workflows to save time and increase the efficiency of IT and security teams.
Before we jump into modern threats, I think it’s important to set the stage since email has been around. Since email existed, threat actors targeted email users with malicious messages, general spam, and different ways to take advantage of the platform. Then of course, more dangerous attacks started to come up… things like malware and other viruses.
At Abnormal, our customers have always been our biggest priority. Customer obsession is one of our five company values, and we live this every single day as we provide the best email security protection available for the hundreds of companies who entrust us to protect their mailboxes.
For those of you who have visited the Abnormal website over the last month, you’ve seen something different—a redesigned brand focused on precision. It’s new and innovative, and different from any other cybersecurity company, because it was created with one thing in mind: our customers.
The phishing email is one of the oldest and most successful types of cyberattacks. Attackers have long used phishing as a common attack vector to steal sensitive information or credentials from their victims. While most phishing emails are relatively simple to spot, the number of successful attacks has grown in recent years.
Learn about Abnormal’s enhanced SIEM export schema, which provides centralized visibility into email threats
At a hyper-growth startup, a solution from six months ago will unfortunately no longer scale. The business is growing rapidly, and this traffic to this service in particular was growing at an unprecedented rate. We hit a point where it needed re-architecting to support 10x the current scale.
Meeting invites are one of the most common types of emails sent today, so it should come as no surprise that attackers have found a way to manipulate them. Scores of recipients that utilize Abnormal Security recently received emails that contained a .ics attachment—an invitation file commonly used to populate online calendar applications with meeting and event information.
Managing and monitoring an Abuse Mailbox can be a significant pain point for IT security teams, particularly large organizations with thousands of employees.
Abnormal Security recently identified a scam aimed at the Canadian electronic travel authorization (eTA) program, which bears a striking resemblance to a long-standing fraud scheme described in our post from several weeks ago targeting TSA travel program applicants.
Tim Tully, Partner at Menlo Ventures, grew up in Silicon Valley, where a love for coding was kindled in him. Tim is a technologist to the core, which innately led him to become an elite technical leader at companies like Splunk and Yahoo.
Customers place tremendous trust in Abnormal to protect them from the full spectrum of attacks when they provide us access to the email stored in Microsoft 365 or Google Workspace. To that end, we’re focused on protecting your data and building your trust.
Over the last few days, Abnormal has successfully blocked multiple attempts by attackers to deliver emails similar to these to our customers’ unsuspecting end users.
We've arrived at that time of year—a time for reflection and celebration and spending time with family, and also that time of year where the cyber grinches hope to spoil the holiday fun.
Phishing attacks are on the rise; the FBI reports that such attacks cost $52 million in 2022, and phishing has been the most common cybercrime reported to the IC3 since 2019. If you're one of the many people targeted by a phishing email, you're not alone.
Estimating both the time and cost to complete a task has been a continual challenge for engineering teams as long as I’ve been working in industry. Coordinating the complex interactions and execution task sequencing across multiple tasks and people is a complex, ever-evolving challenge, and one that most teams struggle with daily.
Abnormal’s relentless pursuit of innovation significantly improves the detection efficacy of hidden payloads in emails by an additional 5%.
As a growing startup, things are constantly changing. From our booming customer base to expanding product lines, Abnormal Security is quickly becoming familiar with the idea of scaling.
Learn how customers have influenced the latest round of product enhancements to better protect your organization from email-borne threats.