Steganography: hiding information in pictures

While analyzing multiple cyberespionage and cybercriminal campaigns, Kaspersky Lab researchers have identified a new, worrying trend: malicious hackers increasingly use steganography, the digital version of an ancient technique of hiding messages inside images, to conceal the traces of their malicious activity on a computer that has been attacked.

A number of malware operations aimed at cyberespionage, and many examples of malware created to steal financial information, have been found to utilize this technique.

As in a typical targeted cyberattack, a threat actor, once inside the attacked network, would gain access and then collect valuable information for later transfer to the command and control server. In most cases, proven security solutions or professional security analytics are able to detect the presence of the threat actor on the network at every stage of an attack, including the exfiltration stage.

This is because the exfiltration part usually leaves traces, for example connections to an unknown or blacklisted IP address. However, when steganography is used, detecting data exfiltration becomes a really difficult task.

In this scenario, malicious users insert the information to be stolen right into the code of a trivial image or file, which is then sent to the C&C server. It is therefore unlikely that such an event would trigger security alarms or data protection technology. This is because, after being modified by the attacker, the image itself does not change visually, and its size and most other parameters also stay the same, so they give no cause for concern. This makes steganography a lucrative technique for malicious actors when it comes to choosing how to exfiltrate data from an attacked network.

In recent months, Kaspersky Lab researchers have witnessed at least three cyberespionage operations that have used this technique.

More worryingly, the technique is also being actively adopted by regular cybercriminals, not just by cyberespionage actors.

Kaspersky Lab researchers have seen it used in upgraded versions of Trojans, including Zerp, ZeusVM, Kins, Triton and others. Most of these malware families generally target financial institutions and users of financial services.

The latter could be a sign of the impending mass adoption of the technique by malware creators and, as a result, of generally increasing complexity in malware detection.

"Although this is not the first time we have seen a malicious technique, originally used by advanced threat actors, appear in the dangerous landscape of malware, the case of steganography is particularly important. So far, the security industry has not found a way to reliably detect data exfiltration carried out in this way.

"The images used by attackers as a transport tool for stolen information are very large, and although there are some algorithms that could automatically detect the technique, mass-scale implementation would require tons of computational power and the cost would be prohibitive.

"On the other hand, it is relatively easy to detect an image 'loaded' with stolen sensitive data with the help of manual analysis. However, this method has limitations, as a security analyst could only analyze a very limited number of images per day. Maybe the answer is a mix of the two. At Kaspersky Lab, we use a combination of technologies for automated analysis and the human mind to detect such attacks. However, there is room for improvement in this area, and the aim of our research is to draw industry attention to the problem and enforce the development of reliable but affordable technologies, allowing the detection of steganography in malware attacks," said Alexey Shulmin, security researcher at Kaspersky Lab.

For more information on the types of steganography used by malicious actors and possible detection methods, you can read the blog post on the specialist site Securelist.com.
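The point that a modified image keeps its size and appearance, and the automated detection algorithms mentioned in the quote, can be illustrated with an added example that is not from Kaspersky Lab or the original article. It assumes least-significant-bit replacement as the hiding method and a constructed list of pixel values in place of a real image; the function names and the 1.5 threshold are illustrative choices.

```python
import random

def make_cover(seed=1):
    """Constructed cover: 4096 pixel values whose even values are 3x as common as odd ones."""
    pixels = []
    for value in range(64, 192):
        pixels.extend([value] * (48 if value % 2 == 0 else 16))
    random.Random(seed).shuffle(pixels)
    return pixels

def embed_lsb(pixels, bits):
    """Assumed hiding method: overwrite each pixel's lowest bit with one payload bit."""
    return [(p & ~1) | b for p, b in zip(pixels, bits)] + pixels[len(bits):]

def pov_score(pixels, min_expected=5):
    """Pairs-of-values chi-square, averaged per pair. LSB replacement with random-looking
    data evens out the counts of values 2k and 2k+1, so the score drops toward 0.5."""
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    total, pairs = 0.0, 0
    for k in range(128):
        expected = (hist[2 * k] + hist[2 * k + 1]) / 2
        if expected >= min_expected:
            total += (hist[2 * k] - expected) ** 2 / expected
            pairs += 1
    return total / pairs if pairs else float("inf")

def looks_embedded(pixels, threshold=1.5):
    """Flag a channel whose value pairs are suspiciously balanced (threshold is illustrative)."""
    return pov_score(pixels) < threshold

def demo():
    cover = make_cover()
    rng = random.Random(2)
    payload = [rng.getrandbits(1) for _ in cover]   # constructed stand-in for encrypted data
    stego = embed_lsb(cover, payload)
    return {
        "same_size": len(stego) == len(cover),
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "cover_score": pov_score(cover),
        "stego_score": pov_score(stego),
        "cover_flagged": looks_embedded(cover),
        "stego_flagged": looks_embedded(stego),
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A cover whose histogram is already smooth also scores low, so this single statistic produces false positives and is not a reliable detector on its own.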


Written by Dimitris
