Steganography in Cybersecurity: A Growing Attack Vector
Aware of the increasing investment that companies make in cybersecurity tools, threat actors are constantly modifying, diversifying and refining their attack strategies to evade detection. A recent trend is the rise of steganography as an attack vector used for different goals, such as masking communications or installing malicious software. This article explains what steganography is in a cybersecurity context and why attackers use this technique, gives some examples of real-world incidents that relied on steganography, and offers mitigation tips.
What is steganography?
Steganography is the practice of hiding messages or other data within something ordinary that looks innocuous and is not itself secret. The practice has its roots in ancient Greece; the original Greek word translates roughly as “hidden writing.”
From a cybersecurity perspective, the concern is that threat actors can use this technique to embed malicious data in seemingly normal files. This concern is not merely theoretical: several cyberattacks in recent years have used the technique.
But how exactly does steganography work in the context of cybercrime? Digital images are the main carriers because they contain a lot of redundant data that can be manipulated without visibly altering the image. And because images are so common in the digital landscape, image files rarely raise any alarm about malicious intent. Videos, documents, and audio files also offer alternative carriers in which steganographic techniques can plant malicious payloads.
It is also possible to use network-based steganography by modifying header fields in TCP/IP or other network protocols. Using these techniques, hackers can create hidden channels for covert communication that network traffic analysis tools do not detect. The need for intruders to communicate covertly becomes especially important during the command-and-control phase of the cyber kill chain.
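The header-field channels mentioned above are easiest to spot where a protocol says a field should be constant. The following is an added example, not code from Nuspire or from any of the incidents discussed: it builds a few constructed, option-less IPv4+TCP headers and checks three slots that ordinary traffic leaves at zero (the IPv4 reserved flag bit, which RFC 791 says must be zero; the TCP reserved bits; and a non-zero urgent pointer on a segment whose URG flag is clear). Packet contents, addresses and port numbers are all made up for the demo.

```python
import struct


def build_packet(ip_reserved=0, tcp_reserved=0, urg=0, urgent_pointer=0, ident=0x1234):
    """Build a constructed, option-less IPv4 + TCP header pair (no payload).
    Checksums are left at zero: this is test input for the checker below,
    not something to put on a wire."""
    flags_frag = (ip_reserved << 15) | (1 << 14)            # reserved bit, DF set, offset 0
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, 0, 40, ident, flags_frag, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    # 16-bit word: data offset (4 bits), reserved (4 bits), CWR ECE URG ACK PSH RST SYN FIN
    off_res_flags = (5 << 12) | (tcp_reserved << 8) | (urg << 5) | (1 << 4)   # ACK set
    tcp_hdr = struct.pack("!HHIIHHHH",
                          40000, 443, 1000, 2000, off_res_flags, 65535, 0, urgent_pointer)
    return ip_hdr + tcp_hdr


def parse_fields(pkt: bytes) -> dict:
    """Pull out the header fields that are supposed to be constant in ordinary
    traffic and therefore make convenient covert-channel slots."""
    if len(pkt) < 40:
        raise ValueError("packet too short for IPv4 + TCP headers")
    ver_ihl, _tos, _tlen, ident, flags_frag, _ttl, proto, *_ = struct.unpack(
        "!BBHHHBBH4s4s", pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if (ver_ihl >> 4) != 4 or ihl != 20 or proto != 6:
        raise ValueError("example handles only option-less IPv4 carrying TCP")
    off_res_flags = struct.unpack("!H", pkt[32:34])[0]      # TCP offset/reserved/flags word
    urgent_pointer = struct.unpack("!H", pkt[38:40])[0]
    return {
        "ip_reserved_bit": (flags_frag >> 15) & 1,      # RFC 791: must be zero
        "ip_id": ident,
        "tcp_reserved": (off_res_flags >> 8) & 0x0F,    # expected zero in ordinary traffic
        "tcp_urg": (off_res_flags >> 5) & 1,
        "tcp_urgent_pointer": urgent_pointer,
    }


def covert_channel_indicators(pkt: bytes) -> list:
    """Return the names of header anomalies that hint at a storage covert channel."""
    f = parse_fields(pkt)
    reasons = []
    if f["ip_reserved_bit"]:
        reasons.append("ip-reserved-bit-set")
    if f["tcp_reserved"]:
        reasons.append("tcp-reserved-bits-nonzero")
    if f["tcp_urgent_pointer"] and not f["tcp_urg"]:
        reasons.append("urgent-pointer-without-urg")
    return reasons


# Constructed sample flow: two ordinary ACKs, then one packet per abused header slot.
SAMPLE_TRAFFIC = [
    build_packet(ident=0x1001),
    build_packet(ident=0x1002),
    build_packet(ident=0x1003, tcp_reserved=0b1010),
    build_packet(ident=0x1004, urgent_pointer=0x4D41),
    build_packet(ident=0x1005, ip_reserved=1),
]


def scan(packets) -> list:
    """Return (index, reasons) for every packet that triggers at least one indicator."""
    return [(i, r) for i, p in enumerate(packets) if (r := covert_channel_indicators(p))]


if __name__ == "__main__":
    for idx, why in scan(SAMPLE_TRAFFIC):
        print(f"packet {idx}: {', '.join(why)}")
```

Per-packet rules like these only catch the crudest channels. Fields that legitimately vary from packet to packet (the IP identification field, sequence numbers, timestamps) can only be judged statistically across a whole flow, which is where a network traffic analysis tool needs baselining rather than a fixed check.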
Another potential use of steganography is in the data exfiltration stage of a cyberattack. By hiding sensitive data within legitimate communications, steganography provides a way to extract data undetected. With many threat actors now treating data theft as the primary goal of their attacks, security leaders are getting better at implementing measures to detect when data is being extracted, often by monitoring network traffic, including encrypted traffic.
Because steganography requires a lot of effort and nuance to do well, its use often involves advanced threat actors with specific goals in mind.
Steganography vs. cryptography
Because steganography and cryptography both involve keeping information away from prying eyes, it is worth comparing them briefly. Encryption takes a message or file and uses cryptographic algorithms to make it unreadable to anyone without the decryption key. Steganography hides information from view so that an unsuspecting observer does not even know that there is a secret hidden in what they see.
Real-world attacks that used steganography
Here are some examples of attacks over the past five years that have used steganography either alone or in combination with other techniques:
In November 2020, the Dutch e-commerce security platform Sansec published an investigation showing that threat actors had embedded skimming software inside SVG graphics on e-commerce payment pages. The attacks used a malicious payload hidden inside SVG images and a separate decoder hidden elsewhere on the web pages.
Users who entered their data on compromised payment pages would not notice anything suspicious, because the images were simple logos of well-known companies such as Facebook and Google. And because the payload was contained within what appeared to be correct use of SVG element syntax, standard security scanners that look for invalid syntax could not detect the malicious activity.
SolarWinds supply chain attack
The 2020 SolarWinds attack quickly gained notoriety for infiltrating U.S. federal government agencies along with thousands of other organizations around the world. This supply chain attack disguised remote access tools as seemingly legitimate updates to the Orion network monitoring software.
Although the SolarWinds breach had many layers of complexity, steganography was used during the command-and-control phase to hide command data. In this case the technique used seemingly benign XML files served in HTTP response bodies from the control servers; the command data inside these files was disguised as ordinary text strings.
In June 2020, Kaspersky released a report on a campaign of targeted attacks observed against industrial companies in several countries. This campaign used steganographic techniques after the targets opened Excel email attachments containing malicious macros. The macros ran PowerShell scripts, and one of the script commands downloaded selected images from public image hosting services. Each image contained further malicious data hidden in its pixels which, when decoded, allowed the threat actors to install Trojans that could steal passwords or spy on network traffic.
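The "redundant data" in an image that the earlier section mentions, and the pixel-hidden data in the Kaspersky campaign above, both come down to the least-significant bit of each sample, which can be overwritten without a visible change. The example below is added here and is not code from Kaspersky, from the campaign, or from Nuspire: it builds a constructed 64x64 greyscale cover, simulates the embedding the text describes so that there is something to detect, shows the analyst-side extraction step, and then applies a simple detection heuristic: in smooth regions of a real image neighbouring pixels share their low bit, so a window whose LSBs flip between neighbours about half the time looks like random data rather than picture. Image size, noise model, window size and threshold are all assumptions for the demo.

```python
import random

WIDTH, HEIGHT = 64, 64     # assumed cover size for the example
BAND = 8                   # rows per statistical window


def make_clean_image(seed: int = 1) -> list:
    """Constructed stand-in for a photo: a banded gradient with a little
    sensor-like +/-1 noise. Neighbouring pixels are mostly equal, so their
    least-significant bits (LSBs) are strongly correlated, as in smooth regions
    of real images."""
    rng = random.Random(seed)
    img = []
    for y in range(HEIGHT):
        row = []
        for x in range(WIDTH):
            v = 40 + 2 * (x // 8) + 2 * (y // 8)   # even base value: LSB starts at 0
            if rng.random() < 0.05:
                v += rng.choice((-1, 1))
            row.append(v)
        img.append(row)
    return img


def embed_lsb(image: list, payload: bytes) -> list:
    """Simulate the scheme the text describes: write payload bits into pixel LSBs
    in raster order. Returns a new image; each pixel changes by at most 1."""
    bits = [(b >> (7 - i)) & 1 for b in payload for i in range(8)]
    if len(bits) > WIDTH * HEIGHT:
        raise ValueError("payload does not fit in the cover image")
    out = [row[:] for row in image]
    for k, bit in enumerate(bits):
        y, x = divmod(k, WIDTH)
        out[y][x] = (out[y][x] & ~1) | bit
    return out


def extract_lsb(image: list, nbytes: int) -> bytes:
    """Analyst-side recovery: read nbytes back out of the LSB plane in raster order."""
    out = bytearray()
    for i in range(nbytes):
        byte = 0
        for j in range(8):
            k = i * 8 + j
            byte = (byte << 1) | (image[k // WIDTH][k % WIDTH] & 1)
        out.append(byte)
    return bytes(out)


def lsb_transition_rate(image: list, first_row: int = 0, last_row: int = HEIGHT) -> float:
    """Fraction of horizontally adjacent pixel pairs whose LSBs differ, over the
    given row range. Correlated LSBs give a low value; a random-looking LSB
    plane gives about 0.5."""
    diffs = total = 0
    for y in range(first_row, last_row):
        row = image[y]
        for x in range(WIDTH - 1):
            diffs += (row[x] ^ row[x + 1]) & 1
            total += 1
    return diffs / total


def suspicious_bands(image: list, threshold: float = 0.3) -> list:
    """Indices of BAND-row windows whose LSB plane looks random. Windowing matters:
    a payload that fills only part of the image is diluted in a whole-image average."""
    return [b for b in range(HEIGHT // BAND)
            if lsb_transition_rate(image, b * BAND, (b + 1) * BAND) > threshold]


# Constructed payload: 256 random bytes standing in for an encrypted or compressed
# stage; it occupies exactly the first 32 rows (2048 pixels) of the cover.
DEMO_PAYLOAD = bytes(random.Random(7).getrandbits(8) for _ in range(256))


if __name__ == "__main__":
    clean = make_clean_image()
    stego = embed_lsb(clean, DEMO_PAYLOAD)
    print("clean bands flagged:", suspicious_bands(clean))
    print("stego bands flagged:", suspicious_bands(stego))
    print("recovered payload matches:", extract_lsb(stego, len(DEMO_PAYLOAD)) == DEMO_PAYLOAD)
```

The transition-rate test is deliberately the simplest possible statistic and it is fooled by covers that are already noisy (high-ISO photos, dithered graphics) or by embeddings that only touch a small fraction of pixels; published steganalysis methods such as RS analysis and sample-pair analysis model the same neighbour correlation far more carefully. The operational lesson is the same either way: a download of an innocuous-looking image by a PowerShell process, as in the campaign above, is a behavioural signal worth acting on long before any pixel statistics are computed.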
Mitigation of steganography-based attacks
One of the difficulties in combating the threats of steganography is that they can be very difficult to detect. Some mitigation measures include:
- Cybersecurity training and awareness programs are crucial for communicating the dangers of downloading untrusted media, the signs of phishing e-mails carrying malicious files, and the prevalence of steganography as a cyber threat.
- Look for advanced endpoint protection that goes beyond static signature-based detection to a more dynamic, behavior-based approach.
- Leverage threat intelligence from a variety of sources to stay up to date with trends, including cyber campaigns affecting your industry or sector in which steganography has been observed.
A cat and mouse game
In the cat-and-mouse game that defines much of modern cybersecurity, threat actors will continually evolve their tactics and adopt new methods to achieve their goals and avoid being caught. Awareness of steganography as an attack vector means this threat will not catch you by surprise.
But to really stop attackers, you need faster detection and response. In a world of overloaded security teams and a tight labor market, managed detection and response offers a proactive approach that improves your security posture while reducing costs.
Contact your Nuspire team today for more information on our managed security services.
Steganography in Cybersecurity: A Growing Attack Vector first appeared on Nuspire.
*** This is a Nuspire Security Bloggers Network syndicated blog created by Team Nuspire. Read the original post at: https://www.nuspire.com/blog/steganography-in-cybersecurity-a-growing-attack-vector/