A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024.
This technique, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in the HTML source code of emails.
The latest report from Cisco Talos, Hidden Text Salting in Email Threats: Trends and Mitigation Strategies, highlights the growing prevalence of this simple yet effective tactic.
According to the report, attackers are using a range of techniques, including:
- Modifying HTML and CSS properties like “width: 0” and “display: hidden”
- Inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters
- Obfuscating email content by embedding irrelevant language
One example involved phishing emails mimicking brands such as Wells Fargo and Norton LifeLock. By hiding characters using CSS properties or inserting ZWSP characters, these emails evade brand name extraction by security systems.
Another notable case showed attackers disguising English emails as French by embedding hidden French words, which misled Microsoft’s Exchange Online Protection (EOP) spam filter.
Hidden Text Salting in Action
The study also highlights the use of hidden text salting in HTML smuggling. In these cases, attackers hid malware in email attachments by embedding irrelevant comments within base64-encoded strings. This approach disrupted detection engines that typically scan attachments for threats.
Given the challenges posed by this tactic, experts recommend adopting advanced filtering techniques that analyze the structure of HTML emails. For example, filters can flag excessive use of inline styles or suspicious CSS properties like “visibility: hidden.”
Additionally, leveraging AI-powered systems to analyze both text and visual elements of emails can improve detection rates.
The report also emphasizes the importance of comprehensive email security solutions to counteract this growing threat. As attackers continue to refine their techniques, organizations must remain vigilant and proactive in defending against email-based cyber-attacks.
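The structural filtering described above can be sketched as follows. This is an added example, not code from Cisco Talos or the article: it separates hidden from visible text in an HTML body, counts zero-width characters, and compares brand extraction on a tag-stripped view against the rendered view. The list of hiding declarations, the function names and the sample body are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# ZWSP and ZWNJ (named in the article) plus ZWJ, word joiner and BOM.
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff]")
# Inline declarations treated as hiding an element (assumed list; extend as needed).
HIDING_DECL = re.compile(r"(display:none|visibility:hidden|opacity:0(\.0+)?"
                         r"|(max-)?(width|height):0(px|pt|em|%)?|font-size:0(px|pt|em|%)?)(!important)?")
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "wbr"}

def hides(style):
    """True if any declaration in an inline style attribute hides the element."""
    return any(HIDING_DECL.fullmatch(re.sub(r"\s+", "", d.lower())) for d in style.split(";"))

class SaltScanner(HTMLParser):
    """Splits text nodes into visible and hidden, inheriting hiding from ancestors."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack, self.visible, self.hidden = [], [], []
    def handle_starttag(self, tag, attrs):
        if tag not in VOID_TAGS:
            self.stack.append((tag, hides(dict(attrs).get("style") or "")))
    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed elements
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break
    def handle_data(self, data):
        (self.hidden if any(h for _, h in self.stack) else self.visible).append(data)

def analyze(html, brands):
    scanner = SaltScanner()
    scanner.feed(html)
    scanner.close()
    raw = "".join(scanner.visible)
    rendered = " ".join(ZERO_WIDTH.sub("", raw).split())    # approximates what the reader sees
    naive = " ".join(re.sub(r"<[^>]+>", "", html).split())  # tag-stripping filter's view
    return {"hidden_text": [t for t in scanner.hidden if t.strip()],
            "zero_width": len(ZERO_WIDTH.findall(raw)),
            "brands_naive": [b for b in brands if b.lower() in naive.lower()],
            "brands_rendered": [b for b in brands if b.lower() in rendered.lower()]}

# Constructed sample body (not taken from the report).
SAMPLE = ('<div>Your W<span style="display:none">qx</span>ells F'
          '<span style="display:inline-block; width: 0; overflow:hidden">zz</span>argo account is locked.</div>'
          '<p>Nor\u200bton Life\u200cLock renewal failed.</p>'
          '<div style="visibility: hidden">Bonjour, merci de votre confiance.</div>')

if __name__ == "__main__":
    print(analyze(SAMPLE, ["Wells Fargo", "Norton LifeLock"]))
```

A non-empty `hidden_text` list, a non-zero `zero_width` count, or a brand that appears only in `brands_rendered` are each signals worth scoring; styles applied through `<style>` blocks or classes are outside what this inline-only check covers.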