Steganography Attacks: Hiding Malware Where You'd Never Expect To Find It
Published: June 18, 2020 on our newsletter Security Fraud News & Alerts Newsletter.
Although it may sound more like the name of a dinosaur, steganography is a hacking technique that’s been highly effective, especially lately. Considered an unconventional method of cybercrime, steganographic attacks are a great way to compromise industries and has succeeded in several countries worldwide. Sent as an email phishing attachment, the malware hides in an innocent image. What appears to be a harmless cartoon attachment is anything but. And there’s nothing harmless about the damage a steganographic attack can do to an industry and its suppliers.
Stenography has been defined as the practice of hiding a file, message, image, or video within another file, message, image, or video. In this case, it’s data intended to do harm.
Discovered by Kaspersky's ICS CERT security team in May of this year, steganographic attacks were discovered against equipment suppliers and industrial enterprise software in the UK, Japan, Germany, and Italy. With email phishing as the attack vector, the messages in the emails are carefully crafted with the language of the country where the attack is targeted. And as hacking history shows us, it’s just a matter of time before similar steganographic attacks reach U.S. shores.
According to Kaspersky, this malware hides in Microsoft Office documents, Windows PowerShell scripts, and various other items. Data is hidden in the attached “harmless” email image created using steganography. Opening the attachment allows the malware to extract the algorithm for the attack from the attached image. Sneakily, the algorithm is hidden in the pixels used to create the image. Using steganographic techniques allows the malware to avoid detection, and that denies security experts the opportunity to analyze it for further insight into the attacks.
Be on the lookout for phishing attempts at all times. Just because a message was sent from someone you know and it’s a cute little picture, does not mean it’s harmless. If you aren’t expecting it, don’t click it. If you are dying of curiosity, contact the sender by voice, text, or separate and new email message. Don't reply to questionable email messages or texts.
If you're in management or work in the IT department, be sure to provide awareness training to employees about the latest threats and how to avoid becoming a victim. Threats are ever-changing and new ones come up all the time. Only if people know about them, can they properly react to them.
It’s always a concern to know that industry and equipment supply is vulnerable to hacking, including attacks on the U.S. auto industry last year. The FBI recently released a notification to U.S. organizations warning of hacks against our supply chain companies. Kaspersky notes that with steganography attacks “If the attackers are able to harvest the credentials of a contractor organization’s employees, this can lead to a range of negative consequences, from the theft of sensitive data to attacks on industrial enterprises…used by the contractors.”
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at firstname.lastname@example.org