- Steganography is a technique that enables hackers to hide malicious payloads or malware within a file, message, image or video.
- The malicious content or text is usually encrypted before it is embedded within the files.
Cybercriminals are fond of using existing attack techniques in new ways to launch cyber attacks. It is much cheaper to tweak the technique rather than invent something new. One such example is that of steganography. Security researchers have observed that the attackers are heavily relying on this old-school trick to launch more advanced and sophisticated campaigns.
What is steganography - Steganography is a technique that enables hackers to hide malicious payloads or malware within a file, message, image or video. This allows the attackers to avoid detection while continuing their infection process. The images, files or videos used to conceal the malware, are used as a lure to trick users. The malicious content or text is usually encrypted before it is embedded within the files.
Steganography is a distinct form of cryptography. Unlike cryptography that obscures the content by encrypting it, steganography’s goal is to hide information by embedding it in something else. Given the ingenuity of the attack method, steganography can be used in all sort of attacks.
Few examples where steganography was used as a part of an attack campaign are listed below.
- In 2016, steganography technique was used to distribute the Sundown exploit kit. The attackers had concealed the kit within PNG files.
- In 2017, IBM X-Force discovered three malware sample containing cryptocurrency CPU-mining tools hidden within fake image files. The malware variants were used to mine cryptocurrency by hijacking the CPU.
- In August 2017, Kaspersky Lab researchers reported that the updates versions of Zerp, Zeus and Triton were delivered by steganography. The malware variants were used to steal financial information.
- In January 2019, the technique was used in a massive adware campaign called ‘VeryMal’ to infect a million Mac users. The victims were presented with ad images that harbored the malware.
- In February 2019, a new variant of Ursnif trojan was found to be distributed by hiding it in a Microsoft Office document. The variant was used to target Italian servers.
The bottom line - The uptick in the use of the technique is a red flag in the cybersecurity world. The attack technique will give a tough challenge to the antivirus products as bad actors carry out their infection process.
"Perfectly deniable steganographic disk encryption is going to be a nightmare when it comes to gathering digital evidence," says Alan Woodward, a professor at the University of Surrey.