By John Stevenson

Instances of steganography being used to insert malicious code into adverts (malvertising) are growing exponentially. Attempts to detect the threat before the adverts are served to the consumer are a good start, but ultimately detection isn’t the answer!

GeoEdge researchers have identified an exponential rise in the use of steganography to insert malicious code into online ads.

Steganography is the covert hiding of data within seemingly innocuous files, typically image files. Images are the perfect vector for this type of threat: they are largely ignored by cyber security defences, and to the naked eye a malware-laden image looks identical to a harmless one. Malvertising involves the injection of such images into legitimate online advertising networks and web sites. The image will carry a payload – concealed using steganography – such as a redirect to a phishing site. More often than not the unlucky consumer doesn’t need to click on the image; simply viewing it is enough to trigger the payload.

Attempts at combating malvertising by trying to block malicious images on the publisher’s platform are a good start, but ultimately they are no guarantee of protection for the end-consumer, for one simple reason: exploits concealed using image steganography are impossible to detect. A single image could be totally harmless, or it could contain a malware exploit, and there is no way of telling one from the other with any level of certainty.

Deep Secure developed Content Threat Removal to deal with exactly this type of highly evasive threat vector. Deployed at the organisational security boundary – typically a Web gateway – Content Threat Removal dispenses with the notion of detection completely. Instead, it uses a unique process of content transformation to destroy any hidden content. No image is trusted, every image is transformed, every image is delivered to the user, pixel perfect and 100% threat-free.

The use of image steganography in malvertising is on the rise, and little wonder: 67% of the average Web page is made up of images. Images are largely ignored by cyber security defences, and threats concealed in them using steganography are undetectable. The answer doesn’t lie in detection. It lies in Content Threat Removal.

Find out more about precisely how Content Threat Removal completely destroys threats concealed in images using steganography.
