While we are getting ready to fight zero-day threats, popular exploits, deadly COVID-19 virus. Hackers are evolving new techniques to pass on the malware on your machines. A concept introduced in 1499 but existed since ancient times is the new weapon. It’s called “steganography this new technique is used to send data in a hidden format so that it cannot be read. A combination of the Greek word (steganos) meaning concealed, hidden and ‘graphy ‘meaning writing is becoming a dangerous new trend.
Today in this post we will discuss this new frontier and how to stay protected from it.
What is Steganography?
As already discussed, it is a new method used by cybercriminals to create malware and cyber espionage tools.
Unlike cryptography, which disguises contents of a secret message, steganography hides the fact that a message is being transmitted or a malicious payload is sitting inside the image to dodge security solutions.
There are stories that this method was used in the Roman Empire to pass on the message secretly. They used to select a slave to convey the message and had his scalp shaved clean. Upon doing so the message was tattooed onto the skin and once the hair grew back, the slave was sent to pass on the message. The receiver then used to follow the same process to shave the head and read the message.
This threat is so dangerous that security experts had to collect at a place to learn ways to fight it and disable information concealment.
How does steganography work?
By now it is clear why cybercriminals use this method. But how does this work?
Steganography is a five-fold process – fist attackers do complete research for their target, after this they scan it, gain access, stay hidden, cover their tracks.
Once the malware is executed on the compromised machine a malicious meme, image or video is downloaded. After which the given command is extracted. In case the “print” command is hidden in the code a screenshot of the infected machine is taken. Once all the information is collected it is sent out to the hacker via a specific URL address.
A recent example of this comes from the 2018 Hacktober.org CTF event where TerrifyingKity was attached in an image. In addition to this, Sundown Exploit Kit, new Vawtrack and Stegoloader malware families also emerged.
How is Steganography different from Cryptography?
Principally both steganography and cryptography have the same goal i.e. hiding messages and passing on to third parties. But the mechanism used by them is different.
Cryptography alters information to a ciphertext that cannot be understood without decryption. While Steganography does not change the format, it hides the information in a manner that no one knows there is data hidden.
| STEGANOGRAPHY | CRYPTOGRAPHY | |
| Definition | A technique to conceal information in image, video, meme, etc | A technique to convert data into ciphertext |
| Purpose | Pass on the malware without being tracked | Data protection |
| Data Visibility | No chance | Certainly |
| Data Structure | No alteration of data structure | Alters the complete structure |
| Key | Optional | Necessary |
| Failure | Once a secret message is discovered anyone can access it | Using a decryption key ciphertext can be read |
In simple words, steganography is stronger and more complex. It can easily bypass DPI systems, etc all this makes it the first choice of hackers.
Depending on the nature Steganography can be divided into five types:
- Text Steganography – Information hidden in text files, in the form of changed characters, random characters, context-free grammars are text steganography.
- Image Steganography – Hiding data inside the image is known as image steganography.
- Video Steganography – Hiding data into digital video format is video steganography.
- Audio Steganography – The secret message embedded in an audio signal that alters binary sequence is audio steganography.
- Network Steganography – as the name implies the technique of embedding information within network control protocols is network steganography.
Where criminals hide information
- Digital files – Large scale attacks related to e-commerce platforms disclosed the use of steganography. Once the platform is infected malware collects payment details and hides them within the image to reveal information related to the infected site.Impersonating legitimate programs – The malware mimic as a pornography player without correct functionality tricking used into installing the infected application.
- Inside ransomware – One of the most popular identified malware is Cerber ransomware. Cerber uses a document to spread malware.
- Inside an exploit kit – Stegano is the first example of the exploit kit. This malicious code is embedded within a banner.
Is there a way to determine steganography? Yes, there are several ways to identify this visual attack.
Ways to Detect steganography Attacks
Histogram Method – This method is also known as the chi-squared method. Using this method the entire image raster is analyzed. The number of pixels possessing two adjacent colors is read.
Fig A: An empty carrier Fig B: Filled Carrier
RS Method – This is another statistical method that is used to detect payload carriers. The image is divided into a set of pixel groups and a special filling procedure is used. Based on the values the data is analyzed and an image with steganography is identified
All this clearly shows how cleverly cybercriminals are using steganography to pass on malware. And this is not going to stop because it is very lucrative. Not only this but, Steganography is also used to spread terrorism, explicit content, espionage, etc.