
Aggregate Detection Model Enhancements

Abnormal now detects suspicious file-sharing behavior with new aggregate signals that analyze sender and recipient patterns across third-party services.
December 8, 2022
Enhancement
Detection

Multiple enhancements that detect anomalies in the aggregate have been added to our detection model.

To better detect malicious use of third-party hosting services like OneDrive and DocuSign, Abnormal added aggregate signals on the sender and recipient level for file-sharing domains. Using frequency metrics, the new aggregate signals detect how often a user sends document-sharing links and how often recipients receive uncommon file-sharing domains to help identify suspicious file-sharing behavior.

As threat actors are constantly shifting their tactics to increase their success rate, we’ve seen the use of image anchors weaponized to contain malicious links. The updated detection model also better identifies images correlated with these types of hidden malicious payloads.
