By John Stevenson

2018 has seen an exponential rise in the use of image steganography by cyber criminals. As the year draws to a close, Deep Secure’s research team offer their observations on this, the year of the poison picture.  

Over the past year Deep Secure Labs has seen a dramatic increase in the use of image steganography by cyber criminals:

  • JANUARY: Attackers target the Pyeongchang Olympics, concealing PowerShell scripts within a PNG image using steganography.
  • AUGUST: A GE employee is arrested after it is discovered he has stolen trade secret information by concealing it using image steganography and sending it via email to his personal email account.
  • NOVEMBER: A new spam campaign uses image steganography to deliver malware to business users.
  • NOVEMBER: Deep Secure researchers demonstrate that 50 Twitter images are enough for a cyber-attacker to steal 300,000 credit card details using image steganography.
  • DECEMBER: Attackers use steganography to hide instructions in memes posted to Twitter to control RAT-infected computers.

So, what do our researchers think about 2018 - the year of the poison picture?

High Level of Risk

Image steganography is becoming the concealment technique of choice for the canny cybercriminal. Using steganography, a secret can be concealed in a totally innocuous-looking image file. Only the individual who encodes the secret in the file can decode it and extract what is hidden inside. Unlike cryptography (where the secret is concealed in a jumble of letters and numbers that at the very least suggest something is hidden), the very presence of a secret concealed using image steganography cannot be discerned. It is the perfect cloak of invisibility. “Steganography is one of the most frightening and underestimated threats on the cyber landscape. It poses an elevated level of risk to all organisations,” says Deep Secure Labs Research Analyst, George Chapman.

250% Increase

One particularly telling development is the increase in instances of image steganography that use the StegHide algorithm. “We’ve confirmed this using data from Google Trends, where searches for StegHide have risen by 250% in this year alone”, says Deep Secure Security Architect, Aaron Mulgrew. “What makes StegHide particularly sinister is that it is almost completely undetectable giving the attacker a massive advantage over current detection-based technology, which consistently struggles to detect even the most basic exploit concealed within an image file.”

Completely Undetectable

There is a misconception that steganography is “hard to do”, but that’s not the case. In its crudest form, data can be hidden in image files by adding it to the end, but this can easily be detected and washed out. “Real steganography is undiscoverable because it is encoded into the image data itself,” says Deep Secure Researcher, Oceanne Gallagher. “To demonstrate just how exposed organisations are, we have created an image steganography attack (codenamed Magpie) which uses algorithms that are completely undetectable and leave no trace. This attack can be used by an insider to leak sensitive data completely evading detection by Data Loss Prevention and Insider Threat Management defences.”
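The crude case described above, data added to the end of the file, can be detected and washed out as in this added example (not Deep Secure's code). It assumes a PNG file, walks the chunk stream to IEND and splits off whatever follows. The sample image and trailing bytes are constructed, and data encoded in the pixel values themselves is outside what this check sees.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype: bytes, body: bytes) -> bytes:
    """Serialise one PNG chunk: length, type, body, CRC-32 over type+body."""
    return (struct.pack(">I", len(body)) + ctype + body
            + struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF))


def split_png(data: bytes) -> tuple:
    """Return (image, trailing): the PNG up to and including IEND, and any
    bytes found after it. Raises ValueError on a malformed chunk stream."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while True:
        if pos + 12 > len(data):
            raise ValueError("truncated chunk before IEND")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length  # 4 length + 4 type + body + 4 CRC
        if end > len(data):
            raise ValueError("chunk length runs past end of file")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise ValueError(f"bad CRC in {ctype!r} chunk")
        pos = end
        if ctype == b"IEND":
            # Everything past IEND is not image data; drop it to "wash" the file.
            return data[:pos], data[pos:]


def make_sample_png() -> bytes:
    """Constructed 1x1 greyscale PNG used as sample input."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", idat) + _chunk(b"IEND", b""))


if __name__ == "__main__":
    clean = make_sample_png()
    tainted = clean + b"CONSTRUCTED-TRAILING-DATA"
    image, trailing = split_png(tainted)
    print(f"trailing bytes: {len(trailing)}; washed file identical: {image == clean}")
```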

A Message of Hope

If all this seems rather bleak and worrying news, we’ve a message of hope with which to end the year and start the festive season.

Using a completely unique technique called Content Transformation, Deep Secure’s Content Threat Removal technology destroys threats concealed in images using steganography. Whether in email, Web browsing, social media or file transfer, threats concealed in images using steganography are always nullified.

Enjoy the festive holiday and if you’d like to see a demonstration of Content Threat Removal in action, see how the Magpie attack could impact your business or just chat further with the Deep Secure Research Labs team, contact us today.

