
Worrying trend in hackers using steganography

DECCAN CHRONICLE
Published : Aug 7, 2017, 9:04 am IST
Updated : Aug 7, 2017, 9:04 am IST

Researchers find multiple hacking groups are increasingly using the technique to hide stolen information inside images.


Researchers at the security firm Kaspersky Lab have identified a new, worrying trend: malicious hackers are increasingly using steganography, a digital version of an ancient technique of hiding messages inside images, to conceal the tracks of their malicious activity on an attacked computer. A number of malware operations aimed at cyberespionage, and several examples of malware created to steal financial information have recently been caught utilizing this technique.

In a typical targeted cyberattack, a threat actor — once inside the attacked network — establishes a foothold and then collects valuable information to subsequently transfer to the command and control server (C&C). In most cases, proven security solutions or professional security analytics are able to identify the presence of the threat actor in the network at each stage of an attack, including the exfiltration stage. This is because the exfiltration part usually leaves tracks, for example logged connections to an unknown or blacklisted IP address; however, when it comes to attacks where steganography is used, the detection of data exfiltration becomes a difficult task.

 

In this scenario, malicious users insert the information to be stolen right inside the code of a trivial visual image or video file which is then sent to the C&C. It is therefore unlikely that such an event would trigger any security alarms or data protection technology. This is because after modification by the attacker, the image itself would not be changed visually and its size and most other parameters would also not be altered, therefore not raising any cause for concern. This makes steganography a lucrative technique for malicious actors when it comes to choosing the way to exfiltrate data from an attacked network.
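As an added illustration (not from the article or from Kaspersky Lab), the sketch below shows how a change that is invisible to the eye can still leave a statistical trace in the simplest case. It assumes the payload overwrites the least significant bit (LSB) of raw 8-bit pixel values, an embedding method the article does not specify, and runs the classic pairs-of-values chi-square test on constructed sample data; the function names are hypothetical.

```python
import math
import random

def pov_chi_square(samples, min_expected=5.0):
    """Pairs-of-values chi-square test (Westfeld and Pfitzmann) on 8-bit samples.

    Returns (statistic, degrees_of_freedom, p). p near 1 means the values 2k
    and 2k+1 occur almost equally often in every pair, which is what
    overwriting LSBs with random-looking bits produces.
    """
    hist = [0] * 256
    for v in samples:
        hist[v] += 1
    stat, pairs = 0.0, 0
    for k in range(0, 256, 2):
        expected = (hist[k] + hist[k + 1]) / 2
        if expected >= min_expected:  # skip sparsely populated pairs
            stat += (hist[k] - expected) ** 2 / expected
            pairs += 1
    dof = pairs - 1
    if dof < 1:
        return stat, dof, 0.0
    # Wilson-Hilferty normal approximation of the chi-square upper tail,
    # chosen so the example needs only the standard library.
    a = 2 / (9 * dof)
    z = ((stat / dof) ** (1 / 3) - (1 - a)) / math.sqrt(a)
    return stat, dof, 0.5 * math.erfc(z / math.sqrt(2))

def constructed_samples(seed=2017, n=60000):
    """Constructed test data, not taken from any real image or malware.

    cover:   brightness values after a 1.25x contrast stretch, which leaves
             the uneven histogram typical of edited photos.
    altered: the same bytes with every LSB replaced by a random bit, standing
             in for an encrypted payload written over the whole image.
    """
    rng = random.Random(seed)
    cover = bytes(min(255, max(0, round(rng.gauss(100, 20))) * 5 // 4)
                  for _ in range(n))
    altered = bytes((b & 0xFE) | rng.getrandbits(1) for b in cover)
    return cover, altered

if __name__ == "__main__":
    for name, data in zip(("cover", "altered"), constructed_samples()):
        stat, dof, p = pov_chi_square(data)
        print(f"{name:8s} chi2={stat:10.1f} dof={dof:3d} p={p:.4f}")
```

A p value near 1 flags the overwritten sample, while the untouched one scores near 0. Embedding that touches only part of an image, or that preserves the histogram, is not caught by this test.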

In recent months, Kaspersky Lab researchers have witnessed at least three cyberespionage operations utilizing this technique. More worryingly, the technique is also being actively adopted by regular cybercriminals – in addition to cyberespionage actors. Kaspersky Lab researchers have seen it used in updated versions of Trojans including Zerp, ZeusVM, Kins, Triton and others. Most of these malware families generally target financial organizations and users of financial services. The latter could be a sign of the upcoming mass adoption of the technique by malware authors and – as an outcome – generally increased complexity of malware detection.

 

“Although this is not the first time we have witnessed a malicious technique, originally used by sophisticated threat actors, find its way onto the mainstream malware landscape, the steganography case is especially important,” said Alexey Shulmin, security researcher at Kaspersky Lab. “So far, the security industry hasn’t found a way to reliably detect the data exfiltration conducted in this way and the goal of our investigations is to draw industry attention to the problem and enforce the development of reliable yet affordable technologies, allowing the identification of steganography in malware attacks.”
