Cybercriminals use Steganography as a new attack vector to distribute malware, evade security scans, and obtain persistence.
Cybercriminals are well-versed in shifting their hacking techniques and adapting their threat strategies to specific situations and opportunities. Threat actors often leverage tactics like phishing and social engineering to spread malware by disguising themselves. Recently, adversaries were found using a new attack vector called steganography to deploy malware, evade security scans, and obtain persistence.
What is Steganography?
In general, steganography is an ancient art of hiding information in images and paintings. Most artists use this technique to conceal their signatures and other hidden messages within their paintings. Even kings used this data hiding technique to send secret messages to their soldiers in the warzone.
Use of Steganography in Cyberattacks
Cybercriminals are now leveraging steganography as an attack vector to hide malicious JavaScript and malware within images and distribute them to targets. When the victim clicks the malicious image, the malware embedded in the image automatically downloads the malicious code or malware, infecting the targeted system.
Types of Steganography Attacks
Based on the targets, the attackers use different types of steganography attacks, which include:
1. Text Steganography
In a text steganography attack, hackers conceal information (malware code) inside text files. Bad actors do this by altering the text format in the existing file, such as changing words or creating random characters or sentences.
2. Image Steganography
In an image steganography attack, attackers hide malicious data in images. They exploit the large number of bits or pixels in an image and replace them with malware code. Threat actors use different tactics to carry out image steganography attacks, including least significant bit insertion, masking and filtering, pattern encoding, coding, and cosine transformation methods.
3. Audio Steganography
In an audio steganography attack, threat actors exploit WAV audio files to hide their customized malware. Attackers embed the malicious code within WAV audio files, which contain a loader component to decode and execute the malicious content embedded in the audio files.
4. Video Steganography
Video steganography is a combination of both text and image-based steganography attacks. Adversaries embed a large amount of malicious data inside the moving stream of images and audio files.
How Do You Prevent Steganography Attacks?
Prevent employees from downloading software and other applications from unknown sources, as they may contain steganographic code.
Never click/open/download suspicious text/audio/image files from unknown sources.
Closely monitor the software distribution procedures in your organization to identify malicious insiders.
Train employees on various phishing and social engineering lures.
Use anti-malware tools to identify the presence of malware in files, text documents, and images received from unknown sources.
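The least significant bit insertion named under Image Steganography leaves a statistical trace that a scanner can test for. The following is an added example, not part of the original article: a pairs-of-values chi-square check in Python run on constructed sample bytes; the function names, the `MIN_PAIR_COUNT` cutoff and the sample data are assumptions for illustration.

```python
import math
import random
from collections import Counter

MIN_PAIR_COUNT = 10  # assumed cutoff: skip sparsely populated value pairs

def pov_chi_square(samples: bytes):
    """Chi-square test on pairs of values (2k, 2k+1).

    Returns (statistic, dof, p). p is the probability of a statistic at
    least this large if both values of every pair were equally likely,
    which is what LSB replacement with random-looking payload bits produces.
    A p near 0 means the pairs are unbalanced, as in untouched data.
    """
    hist = Counter(samples)
    stat, dof = 0.0, 0
    for even in range(0, 256, 2):
        n_even, n_odd = hist[even], hist[even + 1]
        total = n_even + n_odd
        if total < MIN_PAIR_COUNT:
            continue
        stat += (n_even - n_odd) ** 2 / total  # one chi-square term per pair
        dof += 1
    if dof == 0:
        return 0.0, 0, float("nan")  # not enough data to test
    # Wilson-Hilferty normal approximation of the chi-square upper tail.
    spread = 2.0 / (9.0 * dof)
    z = ((stat / dof) ** (1.0 / 3.0) - (1.0 - spread)) / math.sqrt(spread)
    return stat, dof, 0.5 * math.erfc(z / math.sqrt(2.0))

def constructed_samples(seed: int = 7, n: int = 60000):
    """Constructed data: a narrow-histogram 'cover' and a copy whose LSBs
    were overwritten with random bits (simulated full-capacity embedding)."""
    rng = random.Random(seed)
    cover = bytes(min(255, max(0, round(rng.gauss(128, 6)))) for _ in range(n))
    stego = bytes((b & 0xFE) | rng.getrandbits(1) for b in cover)
    return cover, stego

if __name__ == "__main__":
    for name, data in zip(("cover", "stego"), constructed_samples()):
        stat, dof, p = pov_chi_square(data)
        print(f"{name}: chi2={stat:.1f} dof={dof} p={p:.3g}")
```

Run it on decoded pixel or audio sample bytes, not on the compressed file. The test only reacts to LSB replacement that fills most of the samples; small payloads and other embedding methods need different checks.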