Information Extracted from QR Codes Enhances Abnormal’s AI Detection Engine, Providing Increased Protection Against Evolving Email Attacks
Abnormal Security, the leading AI-native cloud email security platform, announced enhanced capabilities to detect QR codes in emails and parse their corresponding links. The signals extracted from parsing the QR codes, combined with Abnormal’s behavioral analysis across the broader email environment, strengthen the platform’s ability to detect and block malicious activity.
Recent data from Abnormal shows that QR codes are the primary attack vector in 17% of all advanced attacks targeting customer environments. As QR codes have risen in popularity, offering a convenient format for sharing information, threat actors have also begun to exploit their familiarity, including through credential phishing, extortion, and invoice payment fraud attacks. Attackers are increasingly crafting emails that contain malicious QR codes, often linking these images to a seemingly legitimate website, like a Google or Microsoft login page, and prompting recipients to enter their login credentials, which are then stolen or used to launch additional attacks.
“As threat actors continue to innovate, QR code attacks are on the rise, partly because they tend to work better than more traditional attack types,” said Mike Britton, chief information security officer at Abnormal. “They can be difficult to detect because unlike traditional email attacks, there’s minimal text content and no obvious URL. This significantly reduces the number of signals available for traditional security tools to analyze.”
In contrast, Abnormal takes a radically different approach to stopping advanced email attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events, and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. This is how Abnormal has historically detected attacks that use QR codes, including this quishing campaign detected in late 2021.
With the updated capabilities announced today, Abnormal has introduced models specifically designed to determine when an email contains a QR code, whether that is in the body of the email or in image and PDF attachments. The platform now parses the embedded link associated with the QR code, and ingests that information alongside other signals to identify and remediate malicious activity.
“The Abnormal platform already analyzes tens of thousands of signals across the email environment to pinpoint anomalies with high efficacy,” Britton continued. “And now, with the additional ability to accurately detect and parse QR codes, we’re enhancing our detection engine with yet another powerful signal and providing our customers with increased confidence in Abnormal’s ability to stay ahead of emerging threats.”