A workstation on a bank network begins to poll Twitter searching for a pre-defined hashtag. When it spots the hashtag on the Twitter site, it downloads the associated image from the post. This seemingly innocuous event is actually the opening of a command and control channel that the cyber-criminal will use to infiltrate the organisation and commit financial crime on an industrial scale.

From the initial compromise to the final exfiltration of funds, the crime is concealed in superficially harmless images using a technique called steganography. It’s a classic e-heist, with a twist. It evades detection completely.

Join Deep Secure on Stand IC2234 at Blackhat USA 2018 – Mandalay Bay, Las Vegas – 8th Aug 2018 to 9th Aug 2018 and find out how you can destroy threats concealed in images using steganography (Stegware). We’ll be showing how easy it is for the bad guys to get away with the money, why detection-based defences and data loss tools are rendered useless by Stegware and how Deep Secure totally eliminates the threat and leaves the criminals empty-handed. 

View all posts