Hidden Text Salting Disrupts Brand Name Detection Systems

Written by

A new report has revealed a surge in the use of so-called “hidden text salting” techniques to evade email security measures in the latter half of 2024. 

This method, also known as “poisoning,” allows cybercriminals to bypass spam filters, confuse email parsers and evade detection engines by embedding invisible elements in the HTML source code of emails.

The latest report from Cisco Talos, Hidden Text Salting in Email Threats: Trends and Mitigation Strategies, highlights the growing prevalence of this simple yet effective tactic.

According to the report, attackers are employing a range of techniques, including:

  • Modifying HTML and CSS properties like “width: 0” and “display: hidden”
  • Inserting zero-width space (ZWSP) and zero-width non-joiner (ZWNJ) characters
  • Obfuscating email content by embedding irrelevant language

One example involved phishing emails mimicking brands such as Wells Fargo and Norton LifeLock. By hiding characters using CSS properties or inserting ZWSP characters, these emails evade brand name extraction by security systems.

Another notable case showed attackers disguising English emails as French by embedding hidden French words, which misled Microsoft’s Exchange Online Protection (EOP) spam filter.

Hidden Text Salting in Action

The study also highlights the use of hidden text salting in HTML smuggling. In these cases, attackers concealed malware in email attachments by embedding irrelevant comments within base64-encoded strings. This approach disrupted detection engines that typically scan attachments for threats.

Read more on attacks exploiting hidden text: Researchers Uncover New “Conversation Overflow” Tactics

Given the challenges posed by this tactic, experts recommend adopting advanced filtering techniques that analyze the structure of HTML emails. For example, filters can flag excessive use of inline styles or suspicious CSS properties like “visibility: hidden.”

Additionally, leveraging AI-powered systems to analyze both text and visual elements of emails can improve detection rates.

The report also emphasizes the importance of comprehensive email security solutions to counteract this growing threat. As attackers continue to refine their methods, organizations must stay vigilant and proactive in defending against email-based cyber-attacks.

What’s hot on Infosecurity Magazine?