Cybercriminals and Cyber Espionage Teams Use Steganography to Cover Their Tracks

Steganography is one of the most powerful and underutilized technologies we know today. Embedding information within images anyone can see is a great way to distribute data to others without relying on third-party communication channels. A new report from Kaspersky Lab shows steganography use is on the rise among both cybercrime groups and individuals conducting cyber espionage.

The Wrong People Are Using Steganography

It is always interesting to read reports regarding steganography usage. Most people tend to forget about this technology even though it has the potential to disrupt communication as we know it. It is a great way to distribute information to people who know what they are looking for. What looks like yet another online image to the rest of the world holds a ton of valuable data which the intended recipient can extract. 

What is rather worrisome, however, is how the wrong entities have seemingly started using this technology for their own benefit. Both cybercrime gangs and entities conducting cyber espionage are relying on this method of communication more often nowadays. The use of this ancient technology by threat actors to hide data theft and other malicious activity on infected systems is not a positive development by any means.

A new report from Kaspersky Lab shows at least three massive cyber espionage campaigns in which steganography was employed to hide stolen data. Additionally, this method was utilized to communicate with centralized command-and-control servers used during these attacks. It is unclear how many entities may have been affected by steganography-oriented attacks so far.

Cybercriminals have taken a liking to steganography as well. This technique is often combined with malware attacks — including the Zeus and Shamoon tools — making things go from bad to worse pretty quickly. Malware developers may look into incorporating steganography as part of their attack strategies moving forward. Should that be the case, they will have an easier time hiding communication with centralized servers, as well as hiding the information they steal.

All this means anti-intrusion tools will need to undergo a major revamp as well. Right now, it is difficult enough for companies to protect themselves from malware and ransomware attacks. Fighting off steganography-based attack vectors has proven nearly impossible so far, although it is not unachievable. Unfortunately, this trend means any digital file, including images and videos, becomes a potential threat. This is a very disturbing development.

Contrary to what people may think, steganography is not limited to the use of images and videos to hide information either. Threat actors have been using other carriers as well, including audio files, text files, and domain names, to hide information and communication with command-and-control servers. Images remain the biggest culprits for now, but it is helpful to know that other file types may play critical roles as well. Thankfully, the amount of information hidden within these files is still fairly limited and is expected to remain so for some time.