Steganography is the process of concealing messages or information. In other words, a message is hidden through the proficient use of art or science. Similarly, digital steganography hides a message within an image, audio track, text file or video clip. Although steganography has positive uses, digital steganography is widely misused for malware purposes.
Malware uses digital steganography to avoid detection by hiding malicious content in files that look familiar to the victim but serve as cover for that content.
The concealment technique takes advantage of the fact that most antimalware signatures detect malicious content in the malware configuration file. Steganography allows the configuration file to be embedded within the cover file, so the malware evades detection by antimalware software. Furthermore, the remaining steganographic content can be decrypted into the main memory of the computer, which reduces the chances of detecting the malware even further.
Most importantly, detecting the presence of hidden information such as a configuration file, a bot command or a binary update inside a steganographic file is tremendously difficult. To the advantage of cybercriminals, implementing steganography in cyberattacks is easier than detecting and countering steganography threats.
TechDecoded recommends the following tips for organisations and individuals to protect against digital steganography threats:
- Organisations should have stringent rules regarding the use of steganography software. Blocking employees from using any form of steganography software is an ideal step towards protecting against steganography threats.
- Observe images closely. Use image editing software to look for steganography markers, for instance colour differences in images. Many duplicate colours in an image are an indicator of a steganographic attack.
- Monitor outbound traffic. The presence of a steganographic attack can be identified by monitoring outbound traffic.
- Configure antimalware software to detect binders. Arrangements should be made to ensure antimalware software is able to detect and identify binders, which may contain steganographic images.
- Allow only trusted signatures. Install software and applications from verified vendors with trusted signatures.
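
The duplicate-colour check from the list above can be automated for palette images. The following is an added example, not code from TechDecoded: it reads the PLTE chunk of an indexed PNG and counts palette entries that are identical or differ by at most one step per channel. The function names, the tolerance of 1 and the 0.25 flagging ratio are assumptions chosen for illustration, and the two sample images are constructed inline.

```python
import struct, zlib
from itertools import combinations
PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_chunks(data):
    """Yield (type, payload) for every chunk, checking length and CRC."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos = 8
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        payload = data[pos + 8:end - 4]
        if zlib.crc32(ctype + payload) != struct.unpack(">I", data[end - 4:end])[0]:
            raise ValueError("bad CRC in chunk %r" % ctype)
        yield ctype, payload
        pos = end

def palette(data):
    """Return the PLTE entries as (r, g, b) tuples, or [] if there is no palette."""
    for ctype, payload in png_chunks(data):
        if ctype == b"PLTE":
            return [tuple(payload[i:i + 3]) for i in range(0, len(payload) - 2, 3)]
    return []

def near_duplicate_pairs(colours, tolerance=1):
    """Count colour pairs whose three channels each differ by at most `tolerance`."""
    return sum(1 for a, b in combinations(colours, 2)
               if all(abs(x - y) <= tolerance for x, y in zip(a, b)))

def suspicious(data, ratio=0.25):
    """Assumed heuristic: flag when pairs >= ratio * palette size."""
    colours = palette(data)
    return bool(colours) and near_duplicate_pairs(colours) >= ratio * len(colours)

def make_png(colours):
    """Build a 1x1 indexed PNG with the given palette (constructed test input)."""
    def chunk(ctype, body):
        return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 3, 0, 0, 0)
    plte = b"".join(bytes(c) for c in colours)
    return (PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"PLTE", plte)
            + chunk(b"IDAT", zlib.compress(b"\x00\x00")) + chunk(b"IEND", b""))

# Constructed samples: 16 well-separated colours vs. 8 colours each stored twice, 1 apart.
CLEAN = make_png([(i * 16, 255 - i * 16, (i * 40) % 256) for i in range(16)])
PAIRED = make_png([(i * 16, 255 - i * 16, 7 * i + b) for i in range(8) for b in (0, 1)])
```

A hit from this check is a reason to look at the file more closely, not proof of hidden data, since image optimisers can also produce palettes with near-identical entries.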