Steganography and Cybercriminals: Hidden in Plain Sight

in bitcoin •  2 years ago

Just three years ago the Google splash image for the day looked just like the normal google logo to the masses, but buried inside the image file itself were the companies Q2 projections, which were being released the day before the actual earnings report via a hidden code inside the .PNG file.

Fortunately, this was Google at work again teaching its viewers something new. Clicking on the image or hovering over it showed a link to Wikipedia on the topic of steganography. Steganography is the hiding of digital or analog information within an image file which makes that data impossible to detect by simply viewing the image. A suspicious user would have to check Exif data and more within a special program that manipulates images in order to find the hidden information. This is also true with other images, as quite often child pornography images are hidden within "My Little Pony" images, and this is the most common form of dispersal online.

Key

Over the past few years, steganography has played a strong role in hacker and cyber criminal forums alike as they investigated new ways to transmit stolen data securely. A new report from Kaspersky Lab shows at least three massive cyber espionage campaigns in which steganography was employed to hide stolen data. Additionally, this method was utilized to communicate with centralized command-and-control servers used during these attacks. It is unclear how many entities may have been affected by steganography-oriented attacks so far. The recent Zeus and Shamoon malware variants have had embedded programs included in their payload that turn data into images that can then be uploaded on any image hosting site with seemingly no harm or suspicion.

How Steganography works.

With this new usage and startling history of progression, malware prevention companies need to start to implement tools to stop and uncover this use of images. It's bad enough that crypto-ware and ransomware are now everyday events in the 2017 world, yet steganography brings an entire new malicious angle into the picture. Kaspersky labs recently started developing a project that will sniff out and decrypt these hidden vaults when they are found in the public, or on private servers being investigated. Although the hackers have found a new way to hide data in plain sight for transmission, the security industry is fighting back and improvements in detection are growing by the day.

Thanks for reading! Please follow, upvote, comment, and most of all: Reply.
Debate is the beginning of innovation.

footer.png

-jgr33nwood
Sig
Check out my posts in vape vaping cryptocurrency and bitcoin !

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Congratulations @jgr33nwood! You have completed some achievement on Steemit and have been rewarded with new badge(s) :

Award for the number of upvotes received

Click on any badge to view your own Board of Honor on SteemitBoard.
For more information about SteemitBoard, click here

If you no longer want to receive notifications, reply to this comment with the word STOP

By upvoting this notification, you can help all Steemit users. Learn how here!