4 min read 
0 comments 
Researchers warn about the use of CSS to hide information and bypass security filters in phishing attempts!
A cyber security is on alert due to a new strategy of hackers which aims to bypass spam filters and threat detection systems in emails.
Researchers from Talos Intelligence, Cisco's threat detection unit, identified an innovative practice that uses CSS (Cascading Style Sheets) to send attempts to Phishing.
This technique represents an advance in the social engineering tactics used by cybercriminals.
- Sacani comments on the company that resurrected the extinct dire wolf
- South Korea creates super metal that can withstand freezing temperatures of -196°C to extremes of 600°C
- End of labor shortage in agriculture: China to create 'human robot' capable of working as a farmer
- Raindrops and plastic pipes: simple innovation generates clean and sustainable energy and could be essential to supply remote areas
The new approach of hackers
Os hackers have constantly adapted to circumvent security measures implemented by companies and users.
The proposed new strategy involves using CSS to hide information in the email code.
This allows criminals to craft messages that appear legitimate but actually contain malicious links or content.
This approach not only makes attempts to Phishing more subtle, but also allows the hackers track victims’ interactions, identifying who opened the emails and clicked on the links.
Understanding CSS and its use in emails
CSS is a stylesheet language that plays a crucial role in formatting web pages.
It allows developers and designers to adjust the presentation of text, images, and other visual elements.
In the context of emails, CSS can be used to adapt messages to the different devices that will receive them, be it a computer, mobile phone or tablet.
However, malicious use of CSS by hackers is worrying.
A Talos Intelligence highlights that by hiding content in the code, the hackers can send emails that go unnoticed by traditional spam filters.
The result is an increase in the effectiveness of campaigns Phishing, which can lead to theft of sensitive data, such as banking information and access credentials.
Email analysis and threat detection
To combat this new tactic, it is essential that companies and users reinforce their security practices.
One of the recommendations is to improve security mechanisms, implementing filters that can detect hidden texts and unexpected changes in the content of emails.
This may include the use of artificial intelligence algorithms that learn to recognize patterns of behavior in email messages.
Additionally, visual analysis of messages is an effective approach.
Tools that examine the visual characteristics of emails can identify marks of Phishing that are based on images or text formatting.
This analysis can be an additional layer of protection, especially in corporate environments where information security is critical.
Practical measures to increase security
In addition to the recommendations mentioned, there are several practical steps that individuals and organizations can take to increase their cybersecurity:
- Education and awareness: Train employees and users on the risks of Phishing and how to recognize suspicious emails is essential. Awareness campaigns can make a big difference in preventing attacks.
- Two-step authentication: Implementing two-step authentication systems for account access can add an extra layer of security, making unauthorized access more difficult, even if credentials are compromised.
- Software updates: Keeping all systems and software up to date is crucial to protect against known vulnerabilities that hackers can explore.
- Use of security solutions: Tools like antivirus, firewalls, and email security solutions can help identify and block threats before they cause damage.
The Future of Cybersecurity
With the constant evolution of tactics used by hackers, the scenario of cyber security is constantly changing.
New technologies and techniques are always being developed, both by criminals and security professionals.
As more businesses and individuals become dependent on technology, protecting against cyberattacks becomes increasingly critical.
Using CSS to hide information in emails is just one of many strategies that hackers can employ.
Therefore, constant vigilance, security education, and adoption of best practices are critical to protecting sensitive data and information from malicious attacks.
The challenge is great, but with the right combination of technology, awareness and precautions, it is possible to mitigate the risks and strengthen the cyber security.
SOURCE: OLHARDIGITAL
