Why Steganography is Becoming Every Cybercriminal’s Favorite Tool
Let’s start there. What is Steganography?
Steganography is the art or practice of concealing a message, image, or file within another message, image, or file. This is not to be confused with cryptography, which makes the malicious code on your device incomprehensible. Steganography tries to keep you in the dark entirely, so that you never notice anything is there at all. And, for the record, steganography is not a brand new method. The practice of hiding messages in images (think paintings) has existed since Leonardo Da Vinci’s time.
Steganography is becoming every cybercriminal’s favorite tool because it is one of the most powerful and underutilized technologies out there. Embedding information within images anyone can see is a great way to distribute data to others without relying on third-party communication channels. To the dismay of corporations across the world, a recent report from Kaspersky Lab shows steganography use is on the rise among both cybercrime groups and individuals conducting cyber espionage.
Since hackers are using this tool, would it benefit security providers to use it as well?
In an interview with Panda Security, Spain’s top steganography expert, Daniel Lerch, gave a surprising answer.
TLDR answer: “No.”
“Those responsible for the security of companies and institutions do not need to hide their communications. To keep them safe, cryptography is enough.
Steganography is a tool of great interest for different types of criminals, since it allows communication without being detected. Typical examples are communications between terrorist cells, the dissemination of illegal material, the extraction of business secrets, or their use as a tool to hide malware or the commands that remotely control the malware.”
The scariest thing about steganography is that it is only a concept. In other words, there is no one concrete way of doing it, allowing hackers to get creative with their attacks. For example, pixel values, contrast, stickers, brightness, and filters are all things typically changed to alter an image’s look and feel. While many of us do this on a regular basis when using platforms like Snapchat or Instagram, hackers manipulate them for nefarious reasons. The big challenge for security defenders is how to tell the difference between an image that’s been modified for legitimate reasons and one that’s been changed to secretly contain malicious information.
Luckily, there are people out there who are actively working on steganography defense. Simon Wiseman, Chief Technology Officer of the British network security firm Deep Secure, is one of them. According to Mr. Wiseman, combatting one of these attacks requires focus on different aspects of it, since it’s impossible for someone to directly target the steg itself. “Nothing is the same twice, there’s no pattern to look for, and the steg itself is completely undetectable. With advanced statistics, if you’re lucky, you might be able to get a hint that something’s strange, but that’s no good as a defense, because the false positive and false negative rate is still enormous. So detection does not work.”
So what can be done to defend your network? Remember that defense techniques should address other aspects of the attack, not the steganography itself. Wired gave a great example using financial institutions as a case study. We all know that banks have been increasingly challenged with unauthorized data exfiltration attempts in which a cybercriminal smuggles sensitive data (e.g. credit card numbers) out past the bank’s scanners by concealing the information in unremarkable files. This strategy can also be used to facilitate insider trading. Possible defense strategies involve limiting network access, monitoring who is interacting with the network, restricting file adjustment, and even sanitizing data before it leaves the network. While these are effective mitigation techniques, none of them directly detect or address the steganographic techniques attackers are using.
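The "sanitize data before it leaves the network" idea can be shown on the simplest hiding place, the lowest bit of each pixel value. The sketch below is an added example, not code from Deep Secure, Wired or any product named here; the function names, the 64x64 grayscale carrier and the payload are all constructed for illustration, and it covers only this one channel.

```python
import random

def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Build a constructed test carrier: payload bits go in each byte's lowest bit."""
    bits = [(b >> i) & 1 for b in payload for i in range(7, -1, -1)]
    if len(bits) > len(pixels):
        raise ValueError("carrier too small for payload")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(pixels: bytes, nbytes: int) -> bytes:
    """Read nbytes back out of the lowest bits, as a receiver would."""
    out = bytearray()
    for n in range(nbytes):
        value = 0
        for px in pixels[n * 8:(n + 1) * 8]:
            value = (value << 1) | (px & 1)
        out.append(value)
    return bytes(out)

def sanitize(pixels: bytes, rng=None) -> bytes:
    """Overwrite every lowest bit with fresh randomness without inspecting the
    image first: the outbound filter never tries to detect anything."""
    rng = rng or random.SystemRandom()
    return bytes((px & 0xFE) | rng.getrandbits(1) for px in pixels)

def max_pixel_change(a: bytes, b: bytes) -> int:
    """Largest per-pixel difference between two equally sized images."""
    return max(abs(x - y) for x, y in zip(a, b))

def demo() -> dict:
    seeded = random.Random(2024)  # seeded only to make the demo repeatable
    cover = bytes(seeded.randrange(256) for _ in range(64 * 64))  # constructed image
    secret = b"CONSTRUCTED-SAMPLE-RECORD"  # constructed payload
    stego = embed_lsb(cover, secret)
    clean = sanitize(stego, seeded)
    return {
        "secret": secret,
        "before": extract_lsb(stego, len(secret)),
        "after": extract_lsb(clean, len(secret)),
        "distortion": max_pixel_change(stego, clean),
    }

if __name__ == "__main__":
    print(demo())
```

The sanitized image differs from the original by at most one intensity level per pixel, yet the hidden bytes no longer come back out. Payloads carried in metadata, appended data or compression coefficients need their own transformation, such as re-encoding the file.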
In contrast to the findings released by Kaspersky Lab, Mr. Wiseman believes that steg attacks aren’t on the rise; they are simply being discovered more often. What is evident is that instead of being reserved for the most sophisticated hacks, steganography now crops up in malvertising, phishing, run-of-the-mill malware distribution, and exploit kits (think Sundown, a popular tool among hackers looking to exploit software vulnerabilities). It’s showing up in the bread-and-butter attacks of low-level cyber criminals in addition to advanced operations.
Where do we go from here?
For people and corporations alike, the way to protect yourself from steg attacks is largely to stay vigilant about personal and data security overall. Whether a phish or a malvertising attack incorporates steganography or not, it still requires you to click on a link or download a file. So now that you’re aware of these types of attacks, look out for them! Consider securing your accounts with protections like two-factor authentication. This will help you reduce your risk and have defenses in place if you are attacked.