Vade first introduced Computer Vision to our filter engine in 2019 to identify emails that use images to bypass traditional text parsing and analysis. The Computer Vision engine continually scans images in email to identify malicious emails that leverage the following techniques:
- Image manipulation: Images are slightly altered, making them unrecognizable to security solutions that use fingerprints, but still identifiable by the targeted victim. Examples of alteration techniques include noise, pixelization, translation, cropping, or changes in image properties (contrast, brightness, hue).
- Text-based images: To bypass traditional text parsing and analysis, images contain text that needs to be extracted with OCR (Optical Character Recognition).
- Remotely hosted images: Images are often hosted remotely to evade real-time detection. As fetching an image hosted online takes some time, it is an additional difficulty for security solutions. Images are frequently hosted on high-reputation domains such as googleapis.com and github.com to avoid domain blocking and takedown. ...read more!
