Abnormal develops a cloud email security platform protecting enterprises from targeted email attacks. Its platform uses abnormal behavior technology (ABX), which combines the abnormal identity model, the abnormal relationship graph, and abnormal content analysis to stop attacks that lead to account takeover, financial damage, and organizational mistrust. It was founded in 2018 and is based in San Francisco, California.
ESPs containing Abnormal
The ESP matrix leverages data and analyst insight to identify and rank leading companies in a given technology landscape.
The security awareness training market offers a range of solutions designed to educate employees about security best practices and help prevent security breaches caused by human error. Security awareness training programs cover a range of topics, including password management, phishing awareness, and data protection. By leveraging these solutions, businesses can improve their security posture and …
Research containing Abnormal
CB Insights Intelligence Analysts have mentioned Abnormal in 1 CB Insights research brief, most recently on May 11, 2022.
Expert Collections containing Abnormal
Expert Collections are analyst-curated lists that highlight the companies you need to know in the most important technology spaces.
Abnormal is included in 4 Expert Collections, including Unicorns- Billion Dollar Startups.
Unicorns- Billion Dollar Startups
Companies developing artificial intelligence solutions, including cross-industry applications, industry-specific products, and AI infrastructure solutions.
The winners of the 4th annual CB Insights AI 100.
These companies protect organizations from digital threats.
Abnormal has filed 32 patents.
Email, Spamming, Computer network security, Spam filtering, Message transfer agents
Latest Abnormal News
Aug 29, 2023
Abnormal Security: Microsoft Tops List of Most-Impersonated Brands in Phishing Exploits
A significant portion of social engineering attacks, such as phishing, involve cloaking a metaphorical wolf in sheep’s clothing. According to a new study by Abnormal Security, which looked at brand impersonation and credential phishing trends in the first half of 2023, Microsoft was the brand most abused as camouflage in phishing exploits. Of the 350 brands spoofed in phishing attempts that were blocked by Abnormal, Microsoft’s name was used in 4.31% — approximately 650,000 — of them. According to the report, attackers favor Microsoft because of the potential to move laterally through an organization’s Microsoft environments.
Abnormal’s threat unit also tracked how generative AI is increasingly being used to build social engineering attacks. The study examines how AI tools make it far easier and faster for attackers to craft convincing phishing emails, spoof websites and write malicious code.
Top 10 brands impersonated in phishing attacks
If 4.31% seems like a small figure, Abnormal Security CISO Mike Britton pointed out that it is still four times the impersonation volume of the second most-spoofed brand, PayPal, which was impersonated in 1.05% of the attacks Abnormal tracked. Following Microsoft and PayPal in a long tail of impersonated brands in 2023 were:
Microsoft: 4.31%
Oracle: 0.21%
Best Buy, American Express, Netflix, Adobe and Walmart are some of the other impersonated brands among the list of 350 companies used in credential phishing and other social engineering attacks Abnormal flagged over the past year.
Attackers increasingly rely on generative AI
One aspect of brand impersonation is the ability to mimic the brand tone, language and imagery, something that Abnormal’s report shows phishing actors are doing more of thanks to easy access to generative AI tools. Generative AI chatbots allow threat actors to create not only effective emails but picture perfect faux-branded websites replete with brand-consistent images, logos and copy in order to lure victims into entering their network credentials.
For example, Britton, who authored the report, wrote that Abnormal discovered an attack using generative AI to impersonate the logistics company DHL. To steal the target’s credit card information, the sham email asked the victim to click a link to pay a delivery fee for “unpaid customs duties (Figure A).”
Figure A: In a phishing attack spoofing DHL, Abnormal identified the words in green as most likely generated by AI. Image: Abnormal Security.
How Abnormal is dusting generative AI fingerprints in phishing emails?
Britton explained to TechRepublic that Abnormal tracks AI with its recently launched CheckGPT, an internal, post-detection tool that helps determine when email threats — including phishing emails and other socially-engineered attacks — have likely been created using generative AI tools.
“CheckGPT leverages a suite of open source large language models to analyze how likely it is that a generative AI model created the email message,” he said. “The system first analyzes the likelihood that each word in the message has been generated by an AI model, given the context that precedes it. If the likelihood is consistently high, it’s a strong potential indicator that text was generated by AI.”
Attackers use generative AI for credential theft
Britton said attackers’ use of AI includes crafting credential phishing, business email compromises and vendor fraud attacks. While AI tools can be used to create impersonated websites as well, “these are typically supplemental to email as the primary attack mechanism,” he said. “We’re already seeing these AI attacks play out — Abnormal recently released research showing a number of emails that contained language strongly suspected to be AI-generated, including BEC and credential phishing attacks.” He noted that AI can fix the dead giveaways: typos and egregious grammatical errors.
“Also, imagine if threat actors were to input snippets of their victim’s email history or LinkedIn profile content within their ChatGPT queries. This brings highly personalized context, tone and language into the picture — making BEC emails even more deceptive,” Britton added.
How hard is it to build effective email exploits with AI?
Not very. Late in 2022, researchers at Tel Aviv-based Check Point demonstrated how generative AI could be used to create viable phishing content, write malicious code in Visual Basic for Applications and macros for Office documents, and even produce code for reverse shell operations (Figure B).
Figure B: Check Point researchers created an effective phishing email with ChatGPT. Image: Check Point Software.
They also published examples of threat actors using ChatGPT in the wild to produce infostealers and encryption tools (Figure C).
How credential-focused phishing attacks lead to BECs
Britton wrote that credential phishing attacks are pernicious partly because they are the first step in an attacker’s lateral journey toward achieving network persistence, which is an offender’s ability to take up parasitic, unseen residence within an organization. He noted that when attackers gain access to Microsoft credentials, for example, they can enter the Microsoft 365 enterprise environment to hack Outlook or SharePoint and do further BECs and vendor fraud attacks.
“Credential phishing attacks are particularly harmful because they are typically the first step in a much more malicious campaign,” wrote Britton.
Because persistent threat actors can pretend to be legitimate network users, they can also perform thread hijacking, where attackers insert themselves into an existing enterprise email conversation. These tactics let actors insert themselves into email strings and hijack them to launch further phishing exploits, monitor emails, learn the organizational command chain and target those who, for example, authorize wire transfers.
“When attackers gain access to banking credentials, they can access the bank account and move funds from their victim’s account to one they own,” noted Britton. With stolen social media account credentials gained through phishing exploits, he said attackers can use the personal information contained in the account to extort victims into paying money to keep their data private.
BECs on the rise, along with sophistication of email attacks
Britton noted that successful BEC exploits are a key means for attackers to steal credentials from a target via social engineering. Unfortunately, BECs are on the rise, continuing a five-year trend, according to Abnormal. Microsoft Threat Intelligence reported that it detected 35 million business email compromise attempts, with an average of 156,000 attempts daily between April 2022 and April 2023.
Splunk’s 2023 State of Security report, based on a global survey of 1,520 security and IT leaders who spend half or more of their time on security issues, found that over the past two years, 51% of incidents reported were BECs — a nearly 10% increase vs. 2021 — followed by ransomware attacks and website impersonations.
Also increasing is the sophistication of email attacks, including the use of financial supply chain compromise, in which attackers impersonate a target organization’s vendors to, for example, request that invoices be paid, a phenomenon Abnormal reported on early this year.
If not dead giveaways, strong warning signs of phishing
The Abnormal report suggested that organizations should be on the lookout for emails from a roster of often-spoofed brands that include:
Persuasive warnings about the potential of losing account access.
Fake alerts about fraudulent activity.
Demands to sign in via the provided link.
Abnormal Frequently Asked Questions (FAQ)
When was Abnormal founded?
Abnormal was founded in 2018.
Where is Abnormal's headquarters?
Abnormal's headquarters is located at 185 Clara Street, San Francisco.
What is Abnormal's latest funding round?
Abnormal's latest funding round is Series C - II.
How much did Abnormal raise?
Abnormal raised a total of $294M.
Who are the investors of Abnormal?
Investors of Abnormal include Falcon Fund, Greylock Partners, Menlo Ventures and Insight Partners.
Who are Abnormal's competitors?
Competitors of Abnormal include Armorblox, Mimecast, Red Sift, GreatHorn, IRONSCALES and 9 more.
Compare Abnormal to Competitors
Mimecast (NASDAQ: MIME) is a cybersecurity company providing artificial intelligence (AI)-powered email security solutions. It provides a suite of cybersecurity tools and platforms for email security and resilience, data governance, ransomware protection, and more. The company was founded in 2003 and is based in London, United Kingdom.
INKY operates as a cloud-based email security platform with integrated artificial intelligence. It recognizes logos, brand colors, and email signatures, understands email, and searches for signs of fraud and impostors. INKY was formerly known as New Arcode. The company was founded in 2008 and is based in College Park, Maryland.
Valimail delivers fully automated email authentication as a cloud service. The platform monitors, enforces, and amplifies business domains. Its platform works for stopping fake emails, protecting brands, and helping ensure compliance. It was founded in 2015 and is based in San Francisco, California.
Proofpoint is a company that develops security and compliance solutions. It offers email, mobile, desktop, cloud, digital risk, and information protection products as well as provides security awareness training, archiving, and compliance solutions. The company serves the federal government, higher education, financial services, healthcare, and other markets. In August 2021, Proofpoint was acquired by Thoma Bravo at a valuation of $12.3B.
IRONSCALES provides an artificial intelligence-driven email security platform. The company offers ransomware protection, credential theft protection, account takeover protection, security awareness training, phishing simulation testing, and more. It was founded in 2014 and is based in Atlanta, Georgia.
Material Security uses ubiquitous tools to understand and mitigate risk in cloud office applications. It connects and helps to analyze risk, detects threats, automatically investigates incidents, and crowdsources mitigation with end-users via integrations with identity providers. The company was formerly known as Stellarite. It was founded in 2017 and is based in Redwood City, California.