Steganography is the ancient art of concealing secret information in innocent-seeming data.
What is surprising is how dangerous it is for your cybersecurity in 2020.
You probably know how kids write hidden messages using lemon juice and read them later on by applying heat.
Steganography (“Covered writing”) is something similar, but intended to hide a computer file within typical images, video, or audio files.
While cryptography seeks to conceal the contents of information, steganography aims to hide the knowledge of the content’s existence itself.
Why Steganography is Dangerous
Steganography is not strictly illegal.
Users may just want to hide a message for several legitimate reasons.
The problem with steganography arises when criminals misuse it.
Let me give you an example: Trojan horses are something you have heard about a lot.
Now, instead of software, the Internet’s connectivity has allowed trojans to hide inside things as innocent as an image or Word macro.
Steganography techniques may have been used by the 9/11 attackers, according to the NSA. Other terrorist groups such as Hamas and Hezbollah also use advanced steganography techniques to hide their communications online.
Cybercriminals today have automated their attacks using tools such as PowerShell and Bash.
The hacker simply embeds malicious scripts within the mentioned Excel or Word files that have macros. Once the victim opens the file, a hidden PowerShell script automatically downloads and runs an installer app.
The action often happens before antivirus software gets a chance to block the actions. The newly installed app then downloads different malware onto the victim’s computer.
This method has been used as a vector for dangerous ransomware like Snatch.
Steganography-based attacks have also been used to install malware like keyloggers or to create DDoS botnets.
iOS is traditionally regarded as safe; however, it is not immune to this threat.
How Does Steganography Work?
Modern digital steganography encrypts data and then inserts it into an image, video, or audio file using relevant algorithms.
Images are the most common carrier: the hidden file is encoded into the last, or least significant, bits of the values that encode each pixel’s color.
Doing this will alter an image but the changes are barely noticeable. Data can also be hidden in audio files using a similar procedure as humans cannot detect the difference.
Pictures may also be hidden within videos.
For instance, in a video running at 3000 fps, a picture can be hidden in every 3rd frame.
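The least-significant-bit encoding described above, together with a simple histogram check that flags it, as an added example (not code from the original article or from any tool it names). The function names, the constructed "pixel" data, and the random bytes standing in for an encrypted payload are all assumptions made for illustration.

```python
import random

def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of each carrier byte with one payload bit."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(carrier):
        # One bit per carrier byte: the carrier must be >= 8x the payload size.
        raise ValueError("carrier too small for payload")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(carrier: bytes, n_bytes: int) -> bytes:
    """Read n_bytes back out of the least significant bits, MSB first."""
    out = bytearray()
    for i in range(n_bytes):
        value = 0
        for b in carrier[8 * i: 8 * i + 8]:
            value = (value << 1) | (b & 1)
        out.append(value)
    return bytes(out)

def pair_score(carrier: bytes) -> float:
    """Mean chi-square term over the value pairs (2k, 2k+1) of the byte histogram.

    Random-looking LSBs pull the two counts of each pair together, so a score
    near or below 1 is suspicious; the constructed cover below scores far higher.
    """
    hist = [0] * 256
    for b in carrier:
        hist[b] += 1
    total, pairs = 0.0, 0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2
        if expected >= 5:  # skip sparsely populated pairs
            total += (hist[k] - expected) ** 2 / expected
            pairs += 1
    return total / pairs if pairs else float("inf")

def make_samples(seed: int = 1):
    """Constructed data: contrast-stretched 'pixels' and a random stand-in payload."""
    rng = random.Random(seed)
    cover = bytes(rng.randrange(40, 120) * 3 // 2 for _ in range(8192))
    payload = bytes(rng.getrandbits(8) for _ in range(len(cover) // 8))
    return cover, payload, embed_lsb(cover, payload)

if __name__ == "__main__":
    cover, payload, stego = make_samples()
    print(f"cover score {pair_score(cover):.2f}, stego score {pair_score(stego):.2f}")
```

Each byte changes by at most 1, which is why the image looks the same to the eye while its histogram gives the embedding away.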
Software for Conducting Steganography
Despite the apparent complexity involved, steganography is relatively simple to do when proper software is used.
Of course, the ease of doing it translates to more hackers doing so.
Among the software used to carry out steganography, you can find:
- Xiao Steganography: A hybrid tool. It can conceal files in either BMP images or WAV audio formats.
- Steghide: The infamous Steghide is open-source. It allows you to conceal files in images or audio and is notorious for its use among adversaries. The software is immune to first-order statistical tests.
- Crypture: Crypture allows you to conceal sensitive information inside BMP images, but the image size must be at least eight times larger than the information.
- SteganPEG: This software allows you to conceal any file in a JPG image in a password encrypted form.
- OpenStego: OpenStego is versatile and allows you to hide data in various formats such as GIF, BMP, JPG, JPEG, PNG, and WBMP.
Detecting Steganography and Countering It
Security researchers continually try to detect malicious code. But there’s a huge problem with it: steganography-based attacks are often zero-day threats as well.
Their containment and detection are frustratingly difficult…
Firstly, you need reliable threat intelligence.
Users can create isolated environments – a sandbox such as a virtual machine – where files thought to be compromised may be checked and observed. Doing so mitigates risk for the remainder of the network.
You should also use a next-generation firewall capable of blocking the latest threats.
And for zero-day threats themselves, you can click on the link to learn the best practices for preventing and countering them.
What to do About It?
Steganography looks like something taken out of the movies. But reality seems to be scarier than fiction.
It’s real, even if you can’t see it.
Can you do something about it? Definitely.
Contact our team for managed IT Services today and enjoy malware-free work.
Isn’t that what we all want!?