In January, an image-based malware threat that targets Mac users was discovered. The malware campaign, called VeryMal, uses malicious payloads embedded in ad images, which are delivered through an ad-serving domain. The URL hidden in the image attempts to trick Mac users into installing a fake Adobe Flash update. Once the fake update is installed, the victim's machine contributes to the rapid growth of an online malvertising campaign capable of carrying out millions of attacks. Researchers estimate that up to 5 million users have been exposed to the malware each day.
A technique called steganography is used to embed malicious payloads into ad images. Steganography is the process of adding data to a file, message, image or some other digital content in order to conceal that data. For example, data can be hidden in an image by encoding it as changes to pixel colors that are too small for the eye to notice. The image appears identical to the original while concealing the data.
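As an added illustration (not code from the original post or from any VeryMal analysis), the following Python script shows the pixel-colour trick described above in its simplest form, least-significant-bit (LSB) replacement, together with the statistical check a defender can run against it: the pairs-of-values chi-square test, which exploits the fact that LSB replacement only ever moves a pixel between the values 2k and 2k+1 and therefore drives the counts of every such pair towards equality. The cover image, the payload and the name `looks_lsb_embedded` are constructed for this example; the cover is deliberately made of flat tiles, an extreme stand-in for the uneven histograms of real photographs, and the p-value uses the Wilson-Hilferty normal approximation so that nothing beyond the standard library is needed.

```python
import math
import random

# Constructed sample: a 64x64 grayscale image made of 8x8 flat tiles.
# Tile values are spaced so that no two tiles land in the same histogram
# pair (2k, 2k+1), which keeps the cover's pair counts maximally uneven.
WIDTH = HEIGHT = 64
TILE = 8
TILE_VALUES = [4 * i + (i % 3) for i in range(64)]  # 0, 5, 10, 12, 17, 22, ...


def make_cover() -> list:
    """Return the constructed cover image as a flat list of 8-bit pixels."""
    pixels = []
    for y in range(HEIGHT):
        for x in range(WIDTH):
            tile = (y // TILE) * (WIDTH // TILE) + (x // TILE)
            pixels.append(TILE_VALUES[tile])
    return pixels


def make_payload() -> bytes:
    """Constructed payload: seeded random bytes that fill every pixel's LSB,
    mimicking an encrypted blob (which is what hidden malware looks like)."""
    rng = random.Random(2019)
    return bytes(rng.getrandbits(8) for _ in range(WIDTH * HEIGHT // 8))


def embed_lsb(pixels: list, payload: bytes) -> list:
    """Classic LSB replacement: overwrite the lowest bit of each pixel with
    one payload bit. A change of 1 in 256 is invisible to the eye."""
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover")
    stego = list(pixels)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return stego


def extract_lsb(pixels: list, nbytes: int) -> bytes:
    """Read nbytes back out of the LSB plane (the receiver's side)."""
    out = bytearray()
    for b in range(nbytes):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def lsb_pairs_chi_square(pixels: list):
    """Pairs-of-values test (Westfeld/Pfitzmann style). LSB replacement only
    moves pixels between 2k and 2k+1, so it pushes the counts of every such
    pair towards equality. Returns (statistic, degrees_of_freedom)."""
    hist = [0] * 256
    for v in pixels:
        hist[v] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        total = even + odd
        if total == 0:
            continue
        expected = total / 2
        stat += (even - expected) ** 2 / expected + (odd - expected) ** 2 / expected
        pairs += 1
    return stat, max(pairs - 1, 1)


def chi_square_p_value(stat: float, df: int) -> float:
    """Upper-tail p-value via the Wilson-Hilferty normal approximation
    (assumption: adequate for screening; SciPy's chi2.sf would be exact)."""
    mean = 1 - 2 / (9 * df)
    sd = math.sqrt(2 / (9 * df))
    z = ((stat / df) ** (1 / 3) - mean) / sd
    return 0.5 * math.erfc(z / math.sqrt(2))


def looks_lsb_embedded(pixels: list, alpha: float = 0.001) -> bool:
    """Heuristic flag: a p-value that is not tiny means the pair counts are
    about as equal as random LSB replacement would make them."""
    stat, df = lsb_pairs_chi_square(pixels)
    return chi_square_p_value(stat, df) > alpha


if __name__ == "__main__":
    cover = make_cover()
    stego = embed_lsb(cover, make_payload())
    for name, img in (("cover", cover), ("stego", stego)):
        stat, df = lsb_pairs_chi_square(img)
        print(f"{name}: chi2={stat:.1f} df={df} "
              f"p={chi_square_p_value(stat, df):.3g} "
              f"flagged={looks_lsb_embedded(img)}")
```

The cover scores a huge statistic (every pair is 64 versus 0) and is not flagged; after the payload fills the LSB plane, every pair is split roughly evenly and the image is flagged. Real photographs are noisier than flat tiles, so in practice this test is one indicator among several rather than a verdict, and it says nothing about what the hidden bytes do; that is what the sandbox analysis described later in the post is for.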
Steganography is not an inherently dangerous method for integrating text or data into an image. There are many legitimate reasons to hide an innocent message within content. Problems happen when hackers use this technique to secretly hide and execute malicious code. Modern hackers are using steganography to hide their malware in plain sight, much like invisible ink is used to hide secret messages on paper. Malware is being concealed in videos, photos and graphics so it can be transmitted without being detected.
Research shows that steganography-based attacks increased a whopping 600 percent in 2017. Part of the reason is that sophisticated security teams and forensics experts have been able to intercept encrypted files and check them for metadata that reveals what they do and whether they’re communicating with a remote server. As a result, cryptography is not as effective as it once was for hiding malware. Steganography is another way for hackers to stay one step ahead of the good guys by operating in stealth mode, avoiding security defenses and disguising their communications.
Although security researchers have begun compiling a list of factors that would indicate the presence of malicious code, steganography-based attacks are typically zero-day threats. This makes detection extremely difficult. However, there are steps organizations can take to mitigate the risk of these attacks.
Current, reliable threat intelligence is absolutely essential if you expect to stop steganography-based threats. You also need to create an isolated environment, or sandbox, where suspicious files and applications can be safely observed and tested without risk to the rest of the network. A next-generation firewall can help you block many threats and should also be part of your security strategy.
In addition, follow security best practices. Deploy patches and update security software and policies as quickly and efficiently as possible. Take a proactive approach to maintain proper cybersecurity hygiene and make sure end-users are educated about steganography-based attacks, what suspicious indicators to look for, and what to do if the presence of malware is suspected.
The SSD Assurance managed security services program uses a multilayered approach to secure your data assets, monitor your IT environments, identify vulnerabilities, and close those gaps with the right tools and expertise. Let us help protect your systems and network against steganography-based threats.