Cybercriminals are well-versed in shifting their hacking techniques and adapting new threat strategies to specific situations and opportunities. Threat actors often leverage various tactics like phishing and social engineering to spread malware by disguising themselves. Recently, adversaries were found using a new attack vector called Steganography to deploy malware, evade security scans, and obtain persistence.
According to a Kaspersky report , threat actors targeted multiple distributors of equipment and software for industrial enterprises to steal credentials using phishing and steganography techniques.
In general, steganography is an ancient art of hiding information in images and paintings. Most artists use this technique to conceal their signatures and other hidden messages within their paintings. Even kings used this data hiding technique to send secret messages to their soldiers in the warzone.
Cybercriminals are now leveraging steganography as an attack vector to hide malicious JavaScripts and malware within the images and distribute them to targets. When the victim clicks the malicious image, the malware embedded in the image automatically downloads the malicious code or malware, infecting the targeted system.
Based on the targets, the attackers use different types of steganography attacks, which include:
In a Text Steganography attack, hackers conceal information (malware code) inside the text files. Bad actors do this by altering the text format in the existing file, such as changing words, creating random characters or sentences.
Attackers hide malicious data in images in an Image steganography attack. They exploit the large number of bits or pixels in an image and replace them with malware codes. Threat actors leverage different tactics to establish image steganography attacks, including the Least significant bit insertion, Masking and Filtering, Pattern encoding, Coding, and Cosine transformation methods.
In an Audio steganography attack, threat actors exploit WAV audio files to hide their customized malware. Attackers embed the malicious code within the WAV audio files that contain a loader component to decode and execute malicious content embedded in audio files.
Video steganography is a combination of both text and image-based steganography attacks. Adversaries embed a large amount of malicious data inside the moving stream of images and audio files.
About the Author
Rudra Srinivas is a Senior Feature Writer and part of the editorial team at CISO MAG. He writes news and feature stories on cybersecurity trends.
More from the Rudra.
The post How to Prevent Steganography Attacks appeared first on CISO MAG | Cyber Security Magazine.
Click to Open Code Editor