With malware attacks growing at an alarming rate, the critical state of global cybersecurity has been keeping the best cybersecurity professionals awake at night. Keeping a close eye on the trends of the malicious side of cyberspace can help one better prepare and protect themselves and their organizations. In this article, we take a look at the master of stealthy cyber-attacks – Stegware.
In the long list of new threats, Stegware is the newest gimmick of cybercriminals. Using steganography, malicious code is hidden within a rather innocuous file, which could be a video, an image or any other harmless format. With this, hackers appear to have discovered yet another method to get past various security tools.
Steganography is an ancient art that dates back as far as 440 BC, when a Greek ruler sent a warning message to his allies by shaving it into the head of one of his slaves. Modern-day cybercriminals have adopted the same principle and constructed a way to attack their targets stealthily.
By hiding malicious code in file formats that are not analyzed by standard data security tools, the attacks can fly below the radar of traditional anti-malware and gateway analysis systems. This method of concealment is invisible to the human eye but can be read by certain software. This allows an attacker to deliver what looks like a benign file, such as a picture or a sound file, into the victim’s system and activate it once it is past the system’s defenses.
Attacks through steganography have peaked in recent times, with numerous threat actors exhibiting various tactics. Following the common modus operandi, attackers hide their malicious code in picture files, concealing it within the pixels of the image. Social media has also been exploited as a platform for the propagation and control of Stegware, with images and tweets carrying commands that activate the malware on an infected device.
This might be a new strategy for many cybercriminals, but it is still a small part of their larger picture, and all of it relies mainly on stealth. The better they can outwit the perimeter security, the more effectively they can reach the enterprise’s critical systems and data. Steganography is just one of many techniques; many other newly discovered techniques piggyback on legitimate traffic and applications to bypass security. Newer fileless attacks are capable of avoiding detection techniques altogether.
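The paragraphs above describe payloads concealed inside image files that ordinary gateway tools wave through. The following is an added detection example, not code from the eScan post or from any eScan product: it parses a PNG's chunk structure and reports two common ways of smuggling data inside an image, bytes appended after the IEND chunk and data carried in a non-standard chunk. It also verifies each chunk's CRC. The PNG samples are constructed inline; the chunk-type list is the one from the PNG specification. A clean result says nothing about pixel-level LSB embedding, which needs statistical steganalysis beyond this check.

```python
"""Added detection example (not code from the eScan post): structural
checks on a PNG file that catch two common ways of smuggling a payload
inside an image: data appended after the IEND chunk, and data carried
in a non-standard chunk. All sample images below are constructed here.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunk types defined by the PNG specification; anything else is worth a look.
STANDARD_CHUNKS = {
    b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM", b"sRGB",
    b"iCCP", b"tEXt", b"zTXt", b"iTXt", b"bKGD", b"pHYs", b"sBIT", b"sPLT",
    b"hIST", b"tIME",
}


def _chunk(ctype: bytes, data: bytes) -> bytes:
    """Serialise one chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width: int, height: int, rows: list[bytes]) -> bytes:
    """Build a minimal 8-bit grayscale PNG from raw pixel rows (constructed sample)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + row for row in rows)  # filter type 0 on every scanline
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b""))


def inspect_png(blob: bytes) -> list[str]:
    """Walk the chunk list and return findings; an empty list means the file
    is structurally clean (it says nothing about pixel-level LSB embedding)."""
    findings: list[str] = []
    if not blob.startswith(PNG_SIG):
        return ["not a PNG: bad signature"]
    pos = len(PNG_SIG)
    seen_iend = False
    while pos + 8 <= len(blob) and not seen_iend:
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        name = ctype.decode("ascii", "replace")
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(blob):
            findings.append(f"truncated chunk {name}")
            return findings
        data = blob[pos + 8:pos + 8 + length]
        stored_crc = struct.unpack(">I", blob[pos + 8 + length:end])[0]
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != stored_crc:
            findings.append(f"CRC mismatch in {name}")
        if ctype not in STANDARD_CHUNKS:
            findings.append(f"non-standard chunk {name} ({length} bytes)")
        seen_iend = ctype == b"IEND"
        pos = end
    if not seen_iend:
        findings.append("no IEND chunk")
    elif len(blob) > pos:
        findings.append(f"{len(blob) - pos} bytes after IEND")
    return findings


# Constructed samples: a clean 4x4 gradient, the same image with a payload
# appended after IEND, and the same image with the payload in a bogus chunk.
ROWS = [bytes(range(x, x + 4)) for x in range(0, 16, 4)]
CLEAN_PNG = make_png(4, 4, ROWS)
PAYLOAD = b"CONSTRUCTED-PAYLOAD"
APPENDED_PNG = CLEAN_PNG + PAYLOAD
CHUNK_PNG = CLEAN_PNG[:-12] + _chunk(b"stEg", PAYLOAD) + CLEAN_PNG[-12:]

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN_PNG), ("appended", APPENDED_PNG),
                          ("extra chunk", CHUNK_PNG)):
        print(f"{label}: {inspect_png(sample) or 'no findings'}")
```

Run at a mail or web gateway, a check like this turns "an image passed through" into a concrete finding that can be logged or quarantined. Trailing data after IEND and unknown chunk types are legitimate in rare cases (some editors add private chunks), so treat the findings as triage signals to be weighed with the sender, destination and size of the file.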
In order to hide a file’s true intentions and outwit security, attackers often use double extensions to disguise the malicious nature of the file. For example, when a potential target downloads a phishing attachment labeled updatedinformationlist.exe.png, Windows acts only on the .png part of the name, completely ignoring the .exe part, which launches the malware attack. Attackers now carry out the various stages of an attack by initially tunneling within approved business traffic. At a later stage, however, it is not just tunneling inside: it is also communicating back to the command and control server, moving around inside the network and carrying the treasure of information outside.
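The double-extension trick above works because the name and the content of the file tell different stories. Here is an added example, not code from the eScan post or an eScan product, of the check a gateway or mail filter can run on an attachment: it looks for more than one extension, for an executable extension anywhere in the name, and for a mismatch between the displayed extension and the file's leading bytes (its magic signature). The sample headers are constructed; the signatures and the executable-extension set are documented, widely known values.

```python
"""Added example (not from the eScan post): checks an attachment's name and
first bytes for the tricks described above, a second extension hiding an
executable, and content whose signature does not match the extension it
displays. Sample headers below are constructed for the demo.
"""
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs",
                   "ps1", "dll", "msi", "hta"}

# Leading bytes of a few common formats (documented file signatures).
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF",
    "zip": b"PK\x03\x04",
}


def extension_parts(filename: str) -> list[str]:
    """Every extension after the base name, lower-cased: 'a.exe.PNG' -> ['exe', 'png']."""
    return [p.lower() for p in filename.split(".")[1:] if p]


def check_attachment(filename: str, header: bytes) -> list[str]:
    """Return a list of findings for one attachment; empty means nothing suspicious."""
    findings: list[str] = []
    parts = extension_parts(filename)
    if len(parts) > 1:
        findings.append(f"double extension: {'.'.join(parts)}")
    hidden = sorted(EXECUTABLE_EXTS.intersection(parts))
    if hidden:
        findings.append(f"executable extension in name: {', '.join(hidden)}")
    claimed = parts[-1] if parts else ""
    expected = MAGIC.get(claimed)
    if expected is not None and not header.startswith(expected):
        findings.append(f"content does not match .{claimed} signature")
    # A Windows PE file starts with 'MZ' whatever its name claims.
    if header.startswith(b"MZ") and claimed not in ("exe", "dll"):
        findings.append("content is a Windows PE executable (MZ header)")
    return findings


# Constructed sample headers: a real PNG signature padded out, and a PE stub.
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8
PE_HEADER = b"MZ\x90\x00" + b"\x00" * 12

if __name__ == "__main__":
    for name, header in (("holiday.png", PNG_HEADER),
                         ("updatedinformationlist.exe.png", PE_HEADER),
                         ("invoice.pdf", PE_HEADER)):
        print(f"{name}: {check_attachment(name, header) or 'clean'}")
```

The content check matters more than the name check: a file called invoice.pdf that begins with MZ is flagged even though its name is unremarkable. Names such as archive.tar.gz will trip the double-extension rule, so in production an allow-list of known compound extensions belongs in front of it.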
Why is Stegware on the rise?
The malware is on the rise due to the following three reasons –
- The secret of its potency is simply that it is extremely hard to detect.
- The malware is typically hidden in a seemingly benign file, such as an image, any image, and it does not raise an alarm whatever its file extension.
- And finally, with a variety of encryption algorithms available, the malware is easy to implement.
Tips for Protection –
Detection techniques for Stegware are being developed but are still in their nascent stages. For now, the best method of preventing Stegware is to keep an eye out for the red flags raised by the workflow mechanisms.
- Encryption is absolutely necessary when dealing with Stegware.
- The network should be monitored for high payload transfers. Since the other key aspect of Stegware is the transfer of the malware itself, all data transfers should go through secure browser sandboxing, especially if the use of social media is permitted. Any data transfer from work devices to personal ones should be prohibited.
- And in the end, always follow basic cybersecurity hygiene. Update your antivirus software as soon as a patch is released, and educate employees about the perils of downloading unapproved software and accepting files with untrusted signatures.
Having a safety net for your data is essential to ensure business continuity. A reliable backup solution that protects the system from damage can ease the anxiety of data loss.
To read more, please check eScan Blog