Steganography is the art of hiding information inside other data. This technique is used to protect confidential information from prying eyes by allowing it to be transmitted through images, audio, video and other digital files. The article discusses the main methods of steganography, its application and importance in cyber security.
Steganography is the technique of hiding information inside another message or object to avoid detection. With the help of steganography, almost any digital content can be disguised, including text, graphics, video or audio files. The hidden data is then extracted at the destination.
Often, before hiding data, it is first encrypted, or processed in such a way as to make detection difficult. This makes hidden information even more secure.
Steganography, as a method of covert communication, is sometimes compared to cryptography. However, these are not the same thing, since steganography does not involve encrypting information during transmission or using a key to decrypt it after receiving it.
The word “steganography” comes from the Greek words “steganos” (meaning “hidden”) and “graphein” (meaning “writing”). This art has been used for thousands of years to ensure the privacy of communications. For example, in ancient Greece, messages were carved into wood and then covered with wax to hide them. In Rome, invisible ink was used, which became visible under the influence of heat or light.
In the field of cybersecurity, steganography is of great importance because cybercriminals, such as ransomware groups, can use it to hide malicious data during attacks. They can disguise malicious tools, transmit commands to command-and-control servers, or even hide information in seemingly harmless files such as images, videos, audio, or text documents.
From a digital perspective, there are five main types of steganography. It:
Text steganography
Image steganography
Video steganography
Audio steganography
Network steganography
Text steganography. Text steganography involves hiding information in text files. This includes changing the format of existing text, changing words in text, using context-free grammars to create readable texts, or generating random sequences of characters.
Image steganography. This involves hiding information in image files. In digital steganography, images are often used to hide information because the digital representation of an image contains a large number of elements and there are various ways to hide information within an image.
Audio steganography. Audio steganography involves secret messages embedded in an audio signal that alters the binary sequence of the corresponding audio file. Hiding secret messages in digital audio is a more complicated process compared to others.
Video steganography. This is where the data is hidden in digital video formats. Video steganography allows you to hide large amounts of data in a moving stream of images and sounds. There are two types of video steganography. The first is embedding data into uncompressed raw video followed by compression. The second is embedding data directly into the compressed data stream.
Network steganography. Network steganography, sometimes known as protocol steganography, is the technique of embedding information into network control protocols used for data transmission, such as TCP, UDP, ICMP, etc.
Steganography and cryptography share the same goal of protecting a message or information from unauthorized access, but they do so in different ways. Cryptography turns information into encrypted text that can only be read with a special decryption key. This means that if someone intercepts the message, they will immediately know that encryption has been used.
In contrast, steganography does not change the information itself, but hides the very fact of its existence. Instead of encrypting data, steganography masks it inside other files or messages, making it invisible to outsiders. This provides an additional level of secrecy, as the fact that there is a hidden message remains invisible.
There are some similarities between steganography and NFTs (non-fungible tokens). Steganography is a method of hiding files inside other files, be they images, text, videos or other formats.
When you create an NFT, you often have the option to add additional content that is only available to the owner of that NFT. Such content can include anything from high-quality images and messages to videos, access to closed communities, discount codes, or even smart contracts and “treasures.”
With the development of the art world, the methods of using NFT are also changing. The development of NFTs with private metadata is a trend we are likely to see more and more of in the future. This data can be used in various areas such as games, paid content, event ticketing and many others.
Recently, steganography is mainly used on computers, the media of which are digital data, and the high-speed delivery channels are networks. The use of steganography includes:
Avoid Censorship: Use it to send news information without censorship and without fear of the message being traced back to the sender.
Digital Watermarking: Its use to create invisible watermarks that do not distort the image and can still be tracked to see if it has been used without permission.
Information Protection: Used by law enforcement and government agencies to send highly sensitive information to other parties without arousing suspicion.
From a cybersecurity perspective, attackers can use steganography to embed malicious data into seemingly safe files. Because steganography requires considerable effort and subtlety to achieve the desired result, its use often involves sophisticated threat actors with specific goals. The following are several ways to carry out attacks using steganography:
Hiding Malicious Payload in Digital Media: Images are often the target of attacks because they contain a lot of redundant data that can be manipulated without noticeable changes in appearance. Videos, documents, audio files, and email signatures can also be used to host a malicious payload using steganography.
Ransomware and data theft: Ransomware gangs can use steganography to hide data during cyber attacks. This method allows you to hide sensitive data in legitimate communications, allowing data to be obtained without detection.
Hiding commands on web pages: Attackers can hide commands for their implants on web pages by using whitespace or debug logs posted on forums. It allows you to secretly download stolen data and keep active with an encrypted code.
Malicious advertising: Attackers can use steganography in advertising campaigns by inserting malicious code into banner ads. After downloading such banners, the code is extracted and redirects users to a page with exploits.
E-commerce skimming: In 2020, e-commerce security platform Sansec discovered that attackers were embedding skimming malware into scalable vector graphics (SVG) on e-commerce pages. They hid the malicious payload inside SVG images and used a decoder placed elsewhere in the web pages. Users who entered their details on the hacked checkout pages didn’t notice anything suspicious because the images looked like regular logos of well-known companies. Because the payload looked like a valid use of SVG element syntax, standard security scanners failed to detect the threat.
SolarWinds: Also in 2020, hackers hid malware in a legitimate software update from SolarWinds, an IT infrastructure management company. Hackers have successfully hacked Microsoft, Intel, Cisco, and various US government agencies. They used steganography to disguise the stolen information as harmless XML files sent in HTTP responses from control servers. The commands passed in these files were disguised as plain text strings.
Industrial: In 2020, companies in the UK, Germany, Italy and Japan fell victim to a campaign that used steganographic documents. Hackers avoided detection by uploading the steganographic image to reputable platforms such as Imgur to infect Excel documents. Mimikatz, a Windows password stealing malware, was downloaded using a hidden script embedded in an image.
The process of detecting steganography is known as “stegananalysis”. There are several tools that can help detect the presence of hidden data, including StegExpose and StegAlyze. Analysts can also use common analysis tools, such as hex viewers, to detect anomalies in files.
However, detecting files modified with steganography remains a challenge. This is due to the fact that it is almost impossible to discover where to start looking for hidden data in the huge number of images that are uploaded to the Internet every day.
Attacks using steganography are relatively easy to carry out, while defending against them is a much more difficult task. To reduce the risks of such attacks, you can take the following measures:
Increase cyber security awareness: Educating employees about the risks associated with downloading media from untrusted sources will help reduce the likelihood of an attack. This training should also include the ability to recognize phishing emails that may contain malicious files and an understanding of steganography as a cyber threat. At a basic level, it is important to teach people to pay attention to images with extremely large file sizes, which may indicate the presence of hidden data.
Implementing web filtering and security updates: Organizations should use web filtering to ensure safe Internet browsing and always install the latest security updates for software.
Adopting modern endpoint protection technologies: Companies must use technologies that go beyond static checks and basic signatures. Such technologies can dynamically detect hidden code in images and other forms of obfuscation. Malicious data detection efforts should be focused on endpoints where encryption and obfuscation are easier to detect.
Leverage threat intelligence: Companies should actively leverage threat intelligence from a variety of sources to stay abreast of emerging trends, especially regarding cyber-attacks using steganography in their industry.
Using comprehensive antivirus solutions: Modern antivirus programs help detect, quarantine, and remove malicious code from devices. They are updated automatically, providing protection against the latest viruses and other types of malware.