"Researchers Uncover New 'Conversation Overflow' Tactics"

Threat researchers at SlashNext have discovered a new cyberattack involving the use of cloaked emails to trick Machine Learning (ML) systems, leading to the infiltration of enterprise networks. SlashNext refers to the tactic as a "Conversation Overflow" attack, which bypasses advanced security measures to deliver phishing messages directly to victims' inboxes. The malicious emails have two different components, with the visible portion prompting the recipient to perform an action, such as entering credentials or clicking links. Several blank lines separate the hidden section containing benign text resembling ordinary email content. This hidden text aims to trick ML algorithms into classifying the email as legitimate, thus allowing it to pass security checks and reach the target's inbox. SlashNext researchers have repeatedly observed this technique, suggesting that threat actors may be beta testing to evade Artificial Intelligence (AI) and ML security platforms. This article continues to discuss the Conversation Overflow attack.

Infosecurity Magazine reports "Researchers Uncover New 'Conversation Overflow' Tactics"

Submitted by grigby1

Submitted by Gregory Rigby on