News of cyber threats is commonplace these days, and unfortunately much of it isn’t just “scary hype,” but rather cause for legitimate concern about your digital security.
One of the big problems is that once a cyber security company finds a way to block the criminals, the criminals simply find a way to circumvent the security. It comes down to a kind of “one-upmanship,” with your security in the balance. One threat getting attention right now is Stegware. Let’s examine exactly what this is, how it puts you at risk and how you can avoid it.
What is Stegware?
Stegware is malicious code designed by hackers to use steganography, the ancient practice of hiding something inside of something else that seems innocent, to conceal its nefarious intent.
In this case, the hackers take something like a digital picture and insert malicious code inside of the picture (or video or some other file). In the past, most virus scanners only looked at certain types of files, particularly those with executable code.
In many instances, videos and pictures were thought to be “safe” and thus were not scanned. That should have made these files an obvious target for hackers, since they were such an open space to exploit. Sometimes the malicious code gets through the security wall and lies dormant until it is “triggered” by a second malicious file.
How does Stegware put you at risk?
Several recent Stegware attacks have been perpetrated by hackers known as the OceanLotus group. Most of these attacks have used .png image files to insert “backdoor loaders” onto a computer. This could allow the hackers to remotely access the infected computer, stealing or deleting files while collecting passwords and other personal information.
Stegware has the potential to be heavily exploited through the rise of social media. With so many pictures, videos, and images shared each day on platforms such as Facebook, Twitter, and Instagram, you can see how easily this threat could spread. In fact, social media has recently been used to send the commands that activate the malware.
Another way this technology has been used illegally is to “exfiltrate” data. A Chinese-American engineer was able to steal industrial secrets from his employer (General Electric), then pull all of the stolen data out by embedding the information in a picture he emailed to himself. Here, the software that was designed to block such occurrences wasn’t able to scan the picture and detect the data.
How to defend your data against Stegware
The biggest hurdle to eradicating the Stegware threat is that no single “magic bullet” cure exists. Instead, you need to have multiple levels of defense on your systems. The recent use of Stegware to insert malicious code and malware into pictures and videos underscores the need to improve security on multiple levels. When a company or agency falls back on one or two “tried and true” security methods, they’re leaving themselves open to hackers, whose techniques are constantly evolving.