Steganography, the ancient practice of hiding secret content and text messages inside non-suspicious messages, is increasingly being used by cybercriminals to attack businesses around the world, according to recent research by Kaspersky Lab. The attackers conceal stolen data and potentially hazardous malware inside ordinary image or video files to communicate with command-and-control servers.
The research suggested that such minute modifications to video or image files, made to infiltrate security systems, can go unnoticed by anti-malware protections and Advanced Persistent Threat (APT) tools. Kaspersky Lab researchers Alexey Shulmin and Evgeniya Krylova told a news website, “Most modern anti-malware solutions provide little, if any, protection from steganography.”
According to the researchers, steganography has already been used in at least three major cyberespionage campaigns in the past few months. There have also been several other instances where steganography was used with other malware, such as the Zeus banking Trojan or the Shamoon disk-erasing malware.
The researchers pointed out that attackers usually store the data in stegcontainers, which can take multiple forms, including audio files, text files, or domain names. However, it is difficult for attackers to hide the size of the container, as hiding a lot of information would cause visual distortion, according to Krylova.