Nathan Gilks by Nathan Gilks | | Blog

Deep Secure provides the world’s first cyber security solution that mitigates the risk of attacks that use steganography. Working with your existing gateways and perimeter defences, it intercepts content like images and builds new ones removing the threats in BMP, GIF, PNG and JPG formats.

It is good to see other members of the Cyber Security industry finally getting on-board with the threats posed by steganography (or the art of hiding in sight). In a report in June’s McAfee Labs Threats Report, the AV vendor chose to focus on this topic and in particular on the most common use for the technology, concealing threats in images to infiltrate networks or exfiltrate valuable data.

A typical use of steganography to perpetrate a cyber crime is to conceal malware within an image in a way that makes it impossible to detect with the naked eye and which more importantly has no discernable signature that would identify it to a conventional detection-based cyber security product. This image appears innocuous, but encoded in the pixels that define, e.g. hue, transparency and colour is the malware. Steganography is being used today for a range of criminal purposes from rendering malware-laced rogue ads on otherwise legitimate websites to using compromised workstations and twitter feeds to steal large amounts of data in seemingly innocent social media images.

Unfortunately, the antidotes currently being offered by the cyber security industry to this most pernicious and damaging of threats are wholly ineffective. Maintaining a register of permitted applications is good practice but doesn’t help one iota when the threat is concealed in an image in a tweet. Likewise only permitting applications signed by trusted vendors. Analysing images for the presence of suspicious patterns is also good advice but is inevitably an offline forensic task that will at best tell you how your network was compromised after the fact. Signature-based anti-malware tools are predictably ineffective at combatting threats concealed using steganography, while the other advice – running on a virtualised infrastructure and monitoring outbound traffic – smack somewhat of desperation. In short, the response from the industry has been inadequate which is why Deep Secure developed Stegware Threat Removal.

Steganography is being increasingly used by criminals to exfiltrate money and valuable information. If you would like to find out how we can help remove this threat and protect your organisation with advanced threat protection, get in touch today.

View all posts