Hackers are now using a new scheme to get phishing messages past email defenses. Cybercriminals are using remote photos to bypass the security features of an email service.
Cybercriminals commonly use images in their phishing emails to make them look legitimate. However, a security firm discovered that the malicious attackers are now using a new method to evade email filters.
Images have traditionally been a popular way to circumvent email filters. Why? Because an image carries no textual content that the security features could analyze.
Instead, the hackers integrate the textual content in the image itself, making it harder for the security filters to scan for possible frauds, scams, or other malicious acts.
MD5 and other cryptographic hashing algorithms make it easy for email filters to detect identical images. However, detecting similar photos requires complex and costly algorithms.
Because of this, hackers usually manipulate their photos slightly by adjusting their compression level, geometry, or colorimetry to bypass email security filters.
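The gap between detecting identical and similar images can be shown in a few lines. This is an added example, not code from the article or from Vade Secure: it uses a simple average hash as a stand-in for the costlier similarity algorithms the article mentions, and the image and the threshold are constructed for illustration.

```python
import hashlib

def make_image(shift=0, flip=False, size=64):
    """Constructed grayscale image: one dark half, one bright half, slight vertical gradient."""
    def pixel(x, y):
        left = x < size // 2
        base = 200 if left == flip else 40   # flip swaps the dark and bright halves
        return min(255, max(0, base + y // 4 + shift))
    return [[pixel(x, y) for x in range(size)] for y in range(size)]

def md5_of(image):
    """Exact-match signature: any changed byte yields a different digest."""
    return hashlib.md5(bytes(p for row in image for p in row)).hexdigest()

def average_hash(image, grid=8):
    """64-bit perceptual hash: average each grid cell, set bit if cell is above the mean."""
    bh, bw = len(image) // grid, len(image[0]) // grid
    cells = []
    for gy in range(grid):
        for gx in range(grid):
            block = [image[y][x]
                     for y in range(gy * bh, (gy + 1) * bh)
                     for x in range(gx * bw, (gx + 1) * bw)]
            cells.append(sum(block) / len(block))
    mean = sum(cells) / len(cells)
    bits = 0
    for c in cells:
        bits = (bits << 1) | (1 if c > mean else 0)
    return bits

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def is_similar(a, b, threshold=5):
    """Assumed threshold: hashes within 5 bits are treated as the same picture."""
    return hamming(average_hash(a), average_hash(b)) <= threshold

if __name__ == "__main__":
    original = make_image()
    tweaked = make_image(shift=3)        # small colorimetry change, visually the same
    unrelated = make_image(flip=True)    # a genuinely different picture
    print("MD5 equal after tweak:  ", md5_of(original) == md5_of(tweaked))
    print("aHash distance (tweak): ", hamming(average_hash(original), average_hash(tweaked)))
    print("aHash distance (other): ", hamming(average_hash(original), average_hash(unrelated)))
```

The tweaked copy defeats the MD5 signature but stays at distance 0 under the perceptual hash, while the unrelated image lands far away.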
Cybercriminals’ new remote image manipulation
The goal of the cybercriminals’ new method is to manipulate each remote image in order to circumvent signature-based technologies. As the technique has continued to grow, email security providers have also improved their ability to extract and analyze content from the photos in email messages.
Since email vendors are enhancing their defenses, hackers are now widely using the new technique to get past email filters easily. Unlike embedded images, remote photos cannot be analyzed by an email service’s security features in real time.
This is because they are hosted on the web. This means that remote images need to be fetched before being analyzed.
Vade Secure, a security firm, explained that the use of remote images in phishing emails surged last year and in November alone. The tech company analyzed 26.2 million remote images and blocked 262 million emails featuring malicious remote images.
However, hackers are now aware that security experts are starting to look for ways to identify remote photos in phishing emails. Because of the firms’ efforts, the cybercriminals are now using cloaking methods and multiple redirections, and abusing high-reputation domains, to avoid detection.
Sebastien Goutal, chief science officer at Vade Secure, released further details on the hackers’ new tactics.
He said that “as AI and Computer Vision become more prominent in email security, cybercriminals are being forced to innovate, and they are answering that call.”
The security expert further explained that “for every detection method that is developed, cybercriminals are following closely behind and developing new phishing techniques to evade detection.”
Vade Secure’s chief science officer added that remote images and image manipulation will still grow in both sophistication and prominence. He said that this is expected since the email filters and other security features have limited ability to analyze the images used in emails.
Hackers will also most likely find new malicious schemes, since they are well known to conduct essential research on their targets. This just shows that cybercriminals are becoming more notorious, especially since most people are now working remotely.
Remote work requires people to use email services and other online platforms to coordinate with each other, making their personal data more vulnerable to fraud and other malicious acts.