The Rise of Steganography
The cyber-attacks that were once the arsenal of nation states and organised cyber gangs always trickle down the supply chain into the hands of the modern criminal, writes Dr Simon Wiseman, CTO, Deep Secure. One technique that is growing in popularity among cybercriminals is steganography, in which information is concealed in the pixels of images (for example, in the low-order bits of the colour and transparency values) to hide threats.
From hiding attack code and the command-and-control channels needed to drive it, to providing a vehicle for covertly exfiltrating valuable information once inside a network, steganography offers an almost undetectable means of breaching networks and the data they hold; the naked eye cannot tell when a picture has been tampered with.
For example, we stegged one of Computer Business Review’s most recent articles, “Over 50% of Firms Have 1,000+ Exposed Files, Ghost Users, Stale Passwords”, into the image above, and the photo does not look disturbed in any way.
This is what makes steganography so effective: images can be manipulated with simple scripting tools to conceal large amounts of information without changing how they appear.
Beware: Big Cyberthreats can Come in Small Photos
With steganography, the amount a bad actor can hide grows with the size of the image: the more pixels, the more low-order bits there are to write into. You might be surprised to learn that within the image above we were able to embed all 272 pages of Shakespeare’s Macbeth, inside this 733KB photo, without visibly distorting the image.
The New Wave of Credit Card Theft
While stegging a whole Shakespeare play into a picture may seem trivial, what about credit card details?
That is exactly what we did with the photo at left (well, these are actually 30 made-up credit card details), and we have previously shown that as many as 300,000 credit card details fit in just 50 images.
To do this, the attacker simply needs an appropriate steg tool (freely available on the Web), or could write their own in a scripting language or an Office macro. Add an innocuous-looking image, the data to hide and a password that will be needed to extract the secret at its destination. The data can then be smuggled out via anything from an image in a Tweet to a webmail message or even a logo in an email signature, without ringing any alarm bells.
Steganography: The Tool of Choice for Malicious Insiders?
But it is not just used by attackers on the outside. Steganography is a perfect tool for the malicious insider, who can pass information out of a network without triggering Data Loss Prevention software, since the carrier is an ordinary-looking image.
Over the past couple of years there have been a number of incidents where steganography has been used by employees to exfiltrate company information. Indeed, last year a Chinese engineer exfiltrated sensitive turbine technology information from General Electric on between five and ten occasions by stegging it into images of sunsets. He was only discovered when GE security officials became suspicious of him and started to monitor his office computer.
And to show you how easy it is, we stegged diagrams of a nuclear plant into the image above.
And the use of these tools is widespread. Our recent report, The Price of Loyalty, exposed the extent of the risk insider threats pose: eight percent of UK office workers reported having used cyber tools (such as steganography or encryption) to steal company information. The figure was 13 percent among respondents in IT & Telecoms, where more technical skills might be expected, but HR and finance reported comparably high use of such tools (15 percent and 12 percent respectively).
The Key to Steganography Prevention? Content
Businesses and their security teams should be worried by the prospect of steganography – both in the hands of malicious outsiders and insiders. But it doesn’t have to be a losing battle.
While a well-made steganographic payload cannot reliably be detected, there is a novel approach that prevents threats concealed in images from entering or leaving your network without needing to detect them. Content threat removal takes a transformational approach to the problem that allows you to trust all the digital content passing through your network. All files, whether Office documents, JPEGs or even image caches, are intercepted at the boundary and held. Each is then transformed: the useful information is extracted from the content and the original file is discarded, and a new file, a visual replica of the original, is created inside the company’s boundary.
Transforming images in this way destroys any payload concealed in them, because the hidden bits live in the exact pixel values of the original file and the replica is built only from what the picture shows; the end-user experience is not undermined and the resulting image is identical to the original to the human eye. If you cannot tell whether an image is stegged, you need to be able to trust that it is not.
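To make the mechanics concrete, the following is an added example, not Deep Secure’s code or the tool used for the images in this article. It implements the attacker’s procedure described earlier (an image, the data to hide and a password that is needed to recover it) as one-bit-per-channel LSB embedding into an in-memory RGBA image, shows how capacity scales with pixel count, and then applies a stand-in for the content transformation just described: re-quantising every channel with invisible ±1 noise, after which the payload can no longer be extracted even with the right password. The image, the secret and the passwords are constructed for the example; real tools that target JPEG hide in DCT coefficients rather than raw pixels, but the same principle applies.

```python
"""LSB steganography on an in-memory RGBA image, and the re-rendering
defence that destroys the payload.  Illustrative code, not Deep Secure's:
the image, the secret and the passwords are constructed for the example."""
import hashlib
import random
import struct

CHANNELS = 4                     # r, g, b, alpha: one hidden bit per channel
HEADER = struct.calcsize(">I")   # 4-byte length prefix stored before the secret


def make_test_image(width, height):
    """Constructed stand-in for a photo: a smooth RGBA gradient."""
    return [((x * 4) % 256, (y * 4) % 256, (x + y) % 256, 255)
            for y in range(height) for x in range(width)]


def capacity_bytes(width, height):
    """Bytes hideable at one bit per channel, less the length header."""
    return (width * height * CHANNELS) // 8 - HEADER


def _positions(width, height, password):
    """Pixel/channel visiting order derived from the password, so the
    extractor needs the same password to find the bits again."""
    seed = int.from_bytes(hashlib.sha256(password.encode()).digest()[:8], "big")
    order = [(i, c) for i in range(width * height) for c in range(CHANNELS)]
    random.Random(seed).shuffle(order)
    return order


def embed(pixels, width, height, secret, password):
    """Return a copy of pixels with secret hidden in the low-order bits."""
    if len(secret) > capacity_bytes(width, height):
        raise ValueError("secret larger than image capacity")
    payload = struct.pack(">I", len(secret)) + secret
    bits = [(byte >> (7 - k)) & 1 for byte in payload for k in range(8)]
    out = [list(p) for p in pixels]
    for bit, (i, c) in zip(bits, _positions(width, height, password)):
        out[i][c] = (out[i][c] & 0xFE) | bit   # changes the value by at most 1
    return [tuple(p) for p in out]


def extract(pixels, width, height, password):
    """Recover the hidden bytes; raises ValueError when the header is junk."""
    order = _positions(width, height, password)

    def read(nbytes, byte_offset):
        data = bytearray()
        for b in range(nbytes):
            value = 0
            for k in range(8):
                i, c = order[(byte_offset + b) * 8 + k]
                value = (value << 1) | (pixels[i][c] & 1)
            data.append(value)
        return bytes(data)

    length = struct.unpack(">I", read(HEADER, 0))[0]
    if length > capacity_bytes(width, height):
        raise ValueError("no valid payload: wrong password or clean image")
    return read(length, HEADER)


def payload_survives(pixels, width, height, secret, password):
    """True only if exactly the original secret can still be extracted."""
    try:
        return extract(pixels, width, height, password) == secret
    except ValueError:
        return False


def max_pixel_delta(a, b):
    """Largest per-channel difference between two images (0..255)."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


def transform(pixels, seed=0):
    """Stand-in for content transformation: rebuild the picture from its
    visible information only.  Each channel is re-quantised with random
    -1/0/+1 noise, invisible to the eye but scrambling the low-order bits
    that carry the payload.  A real gateway re-rasterises and re-encodes."""
    rng = random.Random(seed)
    return [tuple(min(255, max(0, v + rng.choice((-1, 0, 1)))) for v in p)
            for p in pixels]


if __name__ == "__main__":
    W, H = 64, 64
    photo = make_test_image(W, H)
    secret = b"4111111111111111,12/27,123\n"   # constructed, not a real card
    stego = embed(photo, W, H, secret, "correct horse")
    print("capacity:", capacity_bytes(W, H), "bytes")
    print("max channel change:", max_pixel_delta(photo, stego))
    print("right password:", payload_survives(stego, W, H, secret, "correct horse"))
    print("wrong password:", payload_survives(stego, W, H, secret, "battery staple"))
    print("after transform:", payload_survives(transform(stego), W, H, secret, "correct horse"))
```

Two things are worth noticing when running it. First, capacity is a straight function of pixel count: a 64×64 image holds about 2KB, a 1920×1080 RGBA image just over 1MB, which is why a single photo can carry a whole play. Second, the transformation changes no channel by more than one step, exactly the margin the embedding itself used, yet the hidden data is gone; any path that re-encodes images on the way through (many upload services already do) has the same effect, which is the point of doing it deliberately at the boundary.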
The image above may look like all the rest – but believe me, this is the only digitally pure image in this article that you want to receive. And until you are able to trust all the images passing through your network, you are just going to have to take my word for it…