Steganography and Cybercriminals: Hidden in Plain Sight
Just three years ago, the Google splash image for the day looked just like the normal Google logo to the masses, but buried inside the image file itself were the company's Q2 projections, which were being released the day before the actual earnings report via a hidden code inside the .PNG file.
Fortunately, this was Google at work again teaching its viewers something new. Clicking on the image or hovering over it showed a link to Wikipedia on the topic of steganography. Steganography is the hiding of digital or analog information within an image file which makes that data impossible to detect by simply viewing the image. A suspicious user would have to check Exif data and more within a special program that manipulates images in order to find the hidden information. This is also true with other images, as quite often child pornography images are hidden within "My Little Pony" images, and this is the most common form of dispersal online.
Over the past few years, steganography has played a strong role in hacker and cybercriminal forums alike as they investigated new ways to transmit stolen data securely. A new report from Kaspersky Lab shows at least three massive cyber espionage campaigns in which steganography was employed to hide stolen data. Additionally, this method was used to communicate with the centralized command-and-control servers used during these attacks. It is unclear how many entities may have been affected by steganography-oriented attacks so far. The recent Zeus and Shamoon malware variants have had embedded programs in their payloads that turn data into images, which can then be uploaded to any image hosting site without seeming harmful or arousing suspicion.
With this new usage and startling history of progression, malware prevention companies need to start implementing tools to uncover and stop this use of images. It's bad enough that crypto-ware and ransomware are now everyday events in the 2017 world, yet steganography brings an entirely new malicious angle into the picture. Kaspersky Lab recently started developing a project that will sniff out and decrypt these hidden vaults when they are found in public, or on private servers being investigated. Although the hackers have found a new way to hide data in plain sight for transmission, the security industry is fighting back, and improvements in detection are growing by the day.
Debate is the beginning of innovation.
-jgr33nwood
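As an added example (not part of the original post), here is one structural check a defender can run on a suspect .PNG: walk the chunk list and report metadata chunks, chunk types outside the PNG specification, CRC mismatches, and leftover bytes after the image ends. The function names and the sample image are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Chunks that carry free-form metadata (text, Exif) and deserve a manual look.
METADATA = {b"tEXt", b"zTXt", b"iTXt", b"eXIf"}
# Remaining chunk types defined by the PNG specification.
STANDARD = {b"IHDR", b"PLTE", b"IDAT", b"IEND", b"tRNS", b"gAMA", b"cHRM",
            b"sRGB", b"iCCP", b"bKGD", b"pHYs", b"sBIT", b"tIME", b"hIST", b"sPLT"}


def inspect_png(data):
    """Return (kind, chunk_type, size) findings for places data can hide."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        name, end = ctype.decode("latin-1"), pos + 12 + length
        if end > len(data):  # declared length runs past end of file
            findings.append(("truncated", name, length))
            return findings
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            findings.append(("bad_crc", name, length))
        if ctype in METADATA:
            findings.append(("metadata", name, length))
        elif ctype not in STANDARD:
            findings.append(("unknown_chunk", name, length))
        pos = end
        if ctype == b"IEND":
            break
    if pos < len(data):  # leftover bytes (normally after IEND) are never rendered
        findings.append(("trailing_data", "", len(data) - pos))
    return findings


def _chunk(ctype, body=b""):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)


def sample_png(extra=(), trailer=b""):
    """Constructed 1x1 greyscale PNG with optional extra chunks / trailer."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    chunks = [_chunk(b"IHDR", ihdr)] + [_chunk(t, b) for t, b in extra]
    chunks += [_chunk(b"IDAT", zlib.compress(b"\x00\x00")), _chunk(b"IEND")]
    return PNG_SIG + b"".join(chunks) + trailer


if __name__ == "__main__":
    suspect = sample_png([(b"tEXt", b"Comment\x00constructed")], b"constructed")
    for finding in inspect_png(suspect):
        print(finding)
```

This covers only the container structure; data embedded in the pixel values themselves leaves the chunk layout untouched and needs statistical analysis of the decoded image instead.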