Information Extracted from QR Codes Enhances Abnormal’s AI Detection Engine, Providing Increased Protection Against Evolving Email Attacks
Abnormal Security, the leading AI-native cloud email security platform, today announced enhanced capabilities to detect QR codes in emails and parse their corresponding links. The signals extracted from parsing the QR codes, combined with Abnormal’s behavioral analysis across the broader email environment, strengthens the platform’s ability to detect and block malicious activity.
Recent data from Abnormal shows that QR codes are the primary attack vector in 17% of all advanced attacks targeting customer environments. As QR codes have risen in popularity, offering a convenient format for sharing information, threat actors have also begun to exploit their familiarity, including through credential phishing, extortion, and invoice payment fraud attacks. Attackers are increasingly crafting emails that contain malicious QR codes, often linking these images to a seemingly legitimate website, like a Google or Microsoft login page, and prompting recipients to enter their login credentials, which are then stolen or used to launch additional attacks.
“As threat actors continue to innovate, QR code attacks are on the rise, partly because they tend to work better than more traditional attack types,” said Mike Britton, chief information security officer at Abnormal. “They can be difficult to detect because unlike traditional email attacks, there’s minimal text content and no obvious URL. This significantly reduces the number of signals available for traditional security tools to analyze.”
In contrast, Abnormal takes a radically different approach to stopping advanced email attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events, and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. This is how Abnormal has historically detected attacks that use QR codes, including this quishing campaign detected in late 2021.
With the updated capabilities announced today, Abnormal has introduced models specifically designed to determine when an email contains a QR code, whether that is in the body of the email or in image and PDF attachments. The platform now parses the embedded link associated with the QR code, and ingests that information alongside other signals to identify and remediate malicious activity.
“The Abnormal platform already analyzes tens of thousands of signals across the email environment to pinpoint anomalies with high efficacy,” Britton continued. “And now, with the additional ability to accurately detect and parse QR codes, we’re enhancing our detection engine with yet another powerful signal and providing our customers with increased confidence in Abnormal’s ability to stay ahead of emerging threats.”
For more information on a recent QR code attack and additional product details, read this blog post.
Visit AITechPark for cutting-edge Tech Trends around AI, ML, Cybersecurity, along with AITech News, and timely updates from industry professionals!