Abnormal Security Announces Enhanced Capabilities to Detect Qr Code Attacks, as Quishing Accounts for 17 Percent Of All Advanced Attacks

Information Extracted from QR Codes Enhances Abnormal’s AI Detection Engine, Providing Increased Protection Against Evolving Email Attacks

Abnormal Security, the leading AI-native cloud email security platform, announced enhanced capabilities to detect QR codes in emails and parse their corresponding links. The signals extracted from parsing the QR codes, combined with Abnormal’s behavioral analysis across the broader email environment, strengthens the platform’s ability to detect and block malicious activity.

Recent data from Abnormal shows that QR codes are the primary attack vector in 17% of all advanced attacks targeting customer environments. As QR codes have risen in popularity, offering a convenient format for sharing information, threat actors have also begun to exploit their familiarity, including through credential phishing, extortion, and invoice payment fraud attacks. Attackers are increasingly crafting emails that contain malicious QR codes, often linking these images to a seemingly legitimate website, like a Google or Microsoft login page, and prompting recipients to enter their login credentials, which are then stolen or used to launch additional attacks.

Recommended AI News: Riding on the Generative AI Hype, CDP Needs a New Definition in 2024

“As threat actors continue to innovate, QR code attacks are on the rise, partly because they tend to work better than more traditional attack types,” said Mike Britton, chief information security officer at Abnormal. “They can be difficult to detect because unlike traditional email attacks, there’s minimal text content and no obvious URL. This significantly reduces the number of signals available for traditional security tools to analyze.”

Recommended AI News: Forum3 Unveils Hive3 A New Platform Connecting Brands with AI Creators

In contrast, Abnormal takes a radically different approach to stopping advanced email attacks. The unique API architecture ingests thousands of diverse signals to build a baseline of the known-good behavior of every employee and vendor in an organization based on communication patterns, sign-in events, and thousands of other attributes. It then applies advanced AI models including natural language processing (NLP) to detect abnormalities in email behavior that indicate a potential attack. This is how Abnormal has historically detected attacks that use QR codes, including this quishing campaign detected in late 2021.

With the updated capabilities announced, Abnormal has introduced models specifically designed to determine when an email contains a QR code, whether that is in the body of the email or in image and PDF attachments. The platform now parses the embedded link associated with the QR code, and ingests that information alongside other signals to identify and remediate malicious activity.

Recommended AI News: AccYouRate Rett Study Paves the Way for Predictive Behavioral Analysis in Healthcare

“The Abnormal platform already analyzes tens of thousands of signals across the email environment to pinpoint anomalies with high efficacy,” Britton continued. “And now, with the additional ability to accurately detect and parse QR codes, we’re enhancing our detection engine with yet another powerful signal and providing our customers with increased confidence in Abnormal’s ability to stay ahead of emerging threats.”

[To share your insights with us, please write to sghosh@martechseries.com]