The Great Cybersecurity Race
In a recently published report, Cisco Talos outlines a new hacking threat. According to the report, hackers have begun to manipulate Cascading Style Sheets (CSS) to dodge security functions. The report explains:
In a legitimate context, CSS is mainly used to adjust an email’s content to fit the screen resolution of the recipient. However, we will discuss how CSS can be abused by threat actors to stay under the radar and track recipients at a minimum. The features available in CSS allow attackers and spammers to track users’ actions and preferences, even though several features related to dynamic content (e.g., JavaScript) are restricted in email clients compared to web browsers. In what follows, we provide examples of CSS abuse we’ve identified in the wild for both evading detection and tracking users.
The business of cybersecurity has become an unending race between good guys and bad guys, as each tries to get a step ahead of the other. Hackers are always innovating new ways to gain access to systems and information. This is being sped up by the development of artificial intelligence. Meanwhile, technology companies and cybersecurity specialists are working to throw up new barriers to keep their customers safe.
In this environment, lawmakers should be supremely skeptical about any proposal that would weaken Americans’ cybersecurity. Cybercriminals aren’t pulling any punches, and those seeking to thwart cybercrime shouldn’t, either.
On both sides of the Atlantic, in both Europe and the U.S., recent years have seen plenty of proposals to ban certain security features offered by technology companies – primarily in the name of expanding economic competition. These measures put the average user – who has little cybersecurity competency – in danger. They are the equivalent of a regulation ordering people to remove the locks from their front doors.
Human error remains one of the most common entry points for bad actors. This only compounds the need for rock-solid cyber defenses, unimpeded by shortsighted regulation. Maintaining cybersecurity is a difficult task, and no person or organization will be perfect. Even governments and the largest corporations have fallen victim to hackers.
As a new Congress and new presidential administration kick off, lawmakers should take care to protect Americans’ cybersecurity. American security – on both the individual and the national level – depends on it.
Published on March 19, 2025