Posts Tagged Steganography

How Are Attackers Targeting Organizations With Steganographic Techniques?

Steganography is the act of hiding secret information within an ordinary, non-secret file or message to avoid detection. The main strengths of steganography are its capacity to keep a message as secret as possible and hide a large amount of data. Cyber attackers are exploiting these strengths to target organizations by launching sophisticated attacks.

Cyber attacks employ steganography to embed malicious code in seemingly benign content to bypass an organization’s cyber security. The basic layout of a cyber attack using steganography is based on four concepts.

  • Social Engineering: When the user opens the compromised document, the malware code instructs the victim to enable content in the document.
  • Network Security Monitoring Evasion: Once the content is enabled, the document runs a PowerShell script to download a file with embedded malware. The file may be as simple as a popular image, a wallpaper, etc. and is stored on a remote server.
  • Manual Analysis Evasion: The attackers make use of obfuscated VB macros to decode the malicious content hidden within the pixels of these images and install the malware.
  • Persistence: The malware is designed to register scheduled tasks to enable the script to survive system reboots.
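The four stages above leave traces in process-creation telemetry that a defender can correlate per host. The following is an added example, not code from the original post; the event field names, host names and sample events are constructed assumptions, not a specific product's log schema.

```python
import re
from collections import defaultdict

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
IMAGE_URL = re.compile(r"https?://\S+\.(?:png|jpe?g|gif|bmp)\b", re.I)
TASK_CREATE = re.compile(r"schtasks(\.exe)?\s.*/create|Register-ScheduledTask", re.I)

# Constructed process-creation events; the field names are assumptions for this
# example, not a real log schema.
EVENTS = [
    {"host": "ws01", "parent": "WINWORD.EXE", "image": "powershell.exe",
     "cmd": "powershell.exe Invoke-WebRequest http://img.example/wallpaper.png -OutFile w.png"},
    {"host": "ws01", "parent": "powershell.exe", "image": "schtasks.exe",
     "cmd": "schtasks.exe /create /tn Updater /tr w.ps1 /sc onlogon"},
    {"host": "ws02", "parent": "explorer.exe", "image": "powershell.exe",
     "cmd": "powershell.exe Get-ChildItem C:/Reports"},
    {"host": "ws03", "parent": "svchost.exe", "image": "schtasks.exe",
     "cmd": "schtasks.exe /create /tn Backup /tr backup.cmd /sc daily"},
]

def stages_by_host(events):
    """Map each host to the stages of the chain seen in its events."""
    seen = defaultdict(set)
    for ev in events:
        parent, image, cmd = ev["parent"].lower(), ev["image"].lower(), ev["cmd"]
        is_ps = image in ("powershell.exe", "pwsh.exe")
        if is_ps and parent in OFFICE:          # document launched PowerShell
            seen[ev["host"]].add("office_spawns_powershell")
        if is_ps and IMAGE_URL.search(cmd):     # PowerShell pulled an image file
            seen[ev["host"]].add("powershell_fetches_image")
        if TASK_CREATE.search(cmd):             # persistence via scheduled task
            seen[ev["host"]].add("scheduled_task_created")
    return dict(seen)

def alerts(events, minimum=2):
    """Hosts showing the Office-to-PowerShell step plus enough other stages."""
    return sorted(h for h, s in stages_by_host(events).items()
                  if "office_spawns_powershell" in s and len(s) >= minimum)

if __name__ == "__main__":
    for host in alerts(EVENTS):
        print(host, sorted(stages_by_host(EVENTS)[host]))
```

A scheduled task on its own (ws03) or an interactive PowerShell session (ws02) does not alert; only the combination anchored on an Office parent process does.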

What Is PowerShell?

Microsoft introduced PowerShell as a scripting language and command-line shell. It is now open-source and cross-platform, enabling developers to use multiple languages and libraries for building applications for mobile, gaming, desktop, and IoT solutions. It is popular among cyber criminals for launching steganography attacks because:

  • It’s easy-to-use and versatile, providing access to all major OS functions.
  • It is used and trusted by many administrators, allowing PowerShell malware to blend in with benign activity on the network.

What Type Of Information Is Hidden Via Steganography By Cyber Criminals?

Cyber criminals can use information hiding at different stages of a cyber attack, depending upon the kind of information hidden.

  • Identities: Anonymization techniques are used to hide the identities of communicating parties.
  • Communication: Steganography is used to hide the fact that a conversation is taking place. It conceals the data packet flow by using traffic-type obfuscation methods.
  • Content: Cyber criminals may hide the content of data but not the transmission or presence of data itself.
  • Code: The structure of executable malicious code is hidden by binary code obfuscation and masquerading techniques.

With an increase in the number of sophisticated cyber attacks using steganographic techniques, organizations are required to update their cyber security measures.

For more information on the use of steganography in cyber attacks, contact Centex Technologies at (254) 213 – 4740.


Understanding New Evasion Techniques Followed By Web Skimmers

Cyber criminals have been stealing the card details of users for years. They have been successful at card skimming, both server-side and client-side, without attracting much attention. However, some notable breaches in the past few years put them under the scrutiny of security researchers. To tackle the situation, the threat actors have employed new evasion techniques to evolve their craft.

In order to safeguard yourself from web skimming attacks, it is important to be aware of the following new evasion techniques adopted by cyber criminals:

  1. Steganography: Steganography is the technique of hiding data directly in the pixel values of an image in such a manner that the effect of the data is not visible in the image. The first case of using steganography to hide malicious code was ‘ZeusVM’ in 2014. It was a Zeus banking Trojan that used a beautiful sunset image to hide its configuration data. The technique is now being used by web skimmers to trick website security and users.

    A simple example is any e-commerce website. An e-commerce website loads numerous images such as logos, product images, offer images, etc. The web skimmers use these images (those that attract user clicks, such as free shipping banners) to embed their code. On studying the image properties, they may show a ‘Malformed’ message and additional data after the normal end of the file. Threat actors use code snippets to load the fake images and parse the website’s JavaScript content via the slice() method.

    It is an easy way to slide past the website security because the web crawlers and scanners tend to focus on HTML and JavaScript while ignoring media files. To protect yourself from skimming acts, scan the source file of any media files downloaded from third party sites.

  2. WebSockets Instead of HTTP: HTTP follows a request-and-response communication model between a client and a server. WebSockets, on the other hand, is a communication protocol that allows streams of data to be exchanged between a client and server over a single TCP connection. It allows a more covert way to exchange data as compared to HTTP. The web skimmers use a skimming code and data exfiltration to launch the attack. The code is obfuscated in the communication in a way that it is concealed from the DOM. Once the code is run in the browser, it triggers a client handshake request. The request is received by the server controlled by the cyber criminals, which responds to it. This establishes the connection between the victim's client browser and the malicious host server. The skimming code is then downloaded on the victim's system and run as JavaScript code.
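For the symptom described in item 1 (additional data after the normal end of an image file), a scanner can locate the image's logical end and report anything beyond it. This is an added example, not code from the original post; it generalizes to both PNG and JPEG, and the sample byte strings are constructed structural skeletons rather than real images.

```python
import struct

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def png_end(data):
    """Offset just past the IEND chunk, found by walking length-prefixed chunks."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 12 + length                       # length + type + body + CRC
        if ctype == b"IEND" and pos <= len(data):
            return pos
    raise ValueError("malformed PNG: no complete IEND chunk")

def jpeg_end(data):
    """Offset just past EOI, walking segments so an FF D9 inside one is skipped."""
    pos = 2                                      # skip SOI (FF D8)
    while pos + 2 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        pos += 1 if marker == 0xFF else 2        # FF FF: first FF is a fill byte
        if marker == 0xD9:                       # EOI: logical end of the image
            return pos
        if marker in (0x01, 0xFF) or 0xD0 <= marker <= 0xD7 or pos + 2 > len(data):
            continue                             # no length field, or truncated
        pos += struct.unpack(">H", data[pos:pos + 2])[0]
        if marker == 0xDA:                       # SOS: skip entropy-coded data
            while pos + 1 < len(data) and not (
                    data[pos] == 0xFF and data[pos + 1] != 0x00
                    and not 0xD0 <= data[pos + 1] <= 0xD7):
                pos += 1
    raise ValueError("malformed JPEG: no EOI marker")

def trailing_bytes(data):
    """Bytes after the image's logical end; empty for a clean file."""
    if data.startswith(PNG_SIG):
        return data[png_end(data):]
    if data.startswith(b"\xff\xd8"):
        return data[jpeg_end(data):]
    raise ValueError("unsupported format (only PNG and JPEG handled here)")

# Constructed skeletons (CRCs unchecked); the JPEG's APP1 segment holds an FF D9.
CLEAN_PNG = PNG_SIG + b"\x00\x00\x00\x0dIHDR" + bytes(17) + b"\x00\x00\x00\x00IEND\xaeB\x60\x82"
CLEAN_JPEG = (b"\xff\xd8" b"\xff\xe1\x00\x06\xff\xd9AB" b"\xff\xda\x00\x03\x00"
              b"\x12\xff\x00\x34\xff\xd0\x56" b"\xff\xd9")
APPENDED = b"/* constructed trailing data */"

if __name__ == "__main__":
    for name, blob in [("logo.png", CLEAN_PNG), ("banner.jpg", CLEAN_JPEG + APPENDED)]:
        extra = trailing_bytes(blob)
        print(name, "clean" if not extra else f"{len(extra)} bytes after image end")
```

Searching for the first FF D9 byte pair is not enough for JPEG, because the marker can legitimately appear inside a metadata segment; walking the segments avoids that false positive.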

Centex Technologies provides cyber & network security solutions for businesses. For more information on new evasion techniques followed by web skimmers, call Centex Technologies at (254) 213 – 4740.
