In early September 2022, researchers identified a threat group, Worok, that targeted many victims, including government entities around the world, to gain access to their systems. The group concealed information-stealing malware inside PNG images using least significant bit (LSB) encoding, which stores the payload bit by bit in the least significant bit of each pixel's colour values. Because each value changes by at most one, the image looks unchanged to the eye.
Alyn Hockey, VP Product Management at cybersecurity software and services provider Fortra, tells Digital Journal: “It’s a hack that’s easily undetected and the old technique is increasingly used to hide malware payloads. So, when an image is viewed by a member of an organization, the payload, otherwise known as a virus, worm or Trojan, can start work immediately – resulting in damage to systems and loss of data.”
Steganography is the technique of hiding secret data within an ordinary, non-secret file or message so that the hidden data goes unnoticed. It differs from encryption: encryption conceals what is being communicated, while steganography conceals that anything is being communicated at all.
The attack also has a historical basis, says Hockey, noting: “Steganography examples can be traced back as early as 5 BCE when used as a defense tactic by Histiaeus, a Greek ruler of Miletus. Histiaeus shaved and tattooed a man’s head with messages that would go unnoticed once his hair grew back. The allies, aware of the practice, found the warning messages on the man’s scalp.”
It appears that such tactics are alive and well, Hockey points out: “Fast forward to 2022 when an employee of General Electric was convicted of conspiracy to commit economic espionage. While this sounds like something out of a thrilling motion picture, the former employee simply used steganography.”
Hockey describes the method: “He was able to take company secrets in files by downloading, encrypting, and hiding them in a seemingly mundane sunset photo. He used his company email address to email the image to his personal email address. According to court documents, the encryption process took less than 10 minutes.”
The key to this form of attack is how hard it is to detect, Hockey says: “Again, while not as common as other cyberattacks, the shocking and quick way it can fly under the radar is reason enough to have a security solution that protects not only from external threats like malware but keeps data safe through effective data loss prevention methods.”
There are measures that firms can take: “Organizations can apply an anti-steganography feature to sanitize all images as they pass through the secure email gateway. Anti-steganography removes anything hidden within the image, which will not visually alter the image but make it impossible for recipients to recover hidden information – including accidental opening of malware.”
Emphasising the importance of such measures, Hockey concludes: “While this will cleanse all images, it mitigates the overall risk thereby keeping the organization safe – doing so in milliseconds, so the flow of business won’t be disrupted.”
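To make the two technical points in this article concrete, the LSB encoding attributed to Worok and the anti-steganography sanitization Hockey describes, here is an added, self-contained Python example. It is not Worok's loader and not Fortra's product code: it works on a constructed synthetic RGB image (a list of pixel tuples standing in for a decoded PNG), embeds a constructed text payload in the least significant bit of each colour channel behind a 4-byte length header, recovers it, and then sanitizes the image by overwriting every LSB with a random bit. The framing (length header, channel order) and all function names are assumptions of this example.

```python
"""LSB steganography: embed, extract and sanitize (added example, not Worok's code)."""
import random
import struct
from typing import List, Optional, Tuple

Pixel = Tuple[int, int, int]  # 8-bit RGB, as a PNG decoder would hand back


def _to_bits(data: bytes) -> List[int]:
    """MSB-first bit list of a byte string."""
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def _from_bits(bits: List[int]) -> bytes:
    """Inverse of _to_bits; len(bits) must be a multiple of 8."""
    return bytes(int("".join(map(str, bits[i:i + 8])), 2) for i in range(0, len(bits), 8))


def embed_lsb(pixels: List[Pixel], payload: bytes) -> List[Pixel]:
    """Hide payload in the LSB of each colour channel (R, G, B order, row-major).

    Framing is an assumption of this example: a 4-byte big-endian length,
    then the payload. Each channel value changes by at most 1.
    """
    frame = struct.pack(">I", len(payload)) + payload
    bits = _to_bits(frame)
    if len(bits) > 3 * len(pixels):
        raise ValueError("payload exceeds the LSB capacity of the image")
    out: List[Pixel] = []
    k = 0
    for px in pixels:
        chans = list(px)
        for c in range(3):
            if k < len(bits):
                chans[c] = (chans[c] & 0xFE) | bits[k]  # clear LSB, set payload bit
                k += 1
        out.append((chans[0], chans[1], chans[2]))
    return out


def extract_lsb(pixels: List[Pixel]) -> bytes:
    """Read the length header and payload back out of the channel LSBs."""
    lsbs = [ch & 1 for px in pixels for ch in px]
    if len(lsbs) < 32:
        raise ValueError("image too small to hold a length header")
    (length,) = struct.unpack(">I", _from_bits(lsbs[:32]))
    end = 32 + 8 * length
    if end > len(lsbs):
        raise ValueError("length header does not fit the image: no intact payload")
    return _from_bits(lsbs[32:end])


def sanitize_lsb(pixels: List[Pixel], rng: Optional[random.Random] = None) -> List[Pixel]:
    """Anti-steganography pass: overwrite every channel LSB with a random bit.

    Random rather than zero so the cleaned image keeps natural-looking LSB
    statistics. The visible image is unchanged (delta of at most 1 per channel)
    but any LSB-embedded payload is destroyed.
    """
    rng = rng or random.SystemRandom()
    return [tuple((ch & 0xFE) | rng.getrandbits(1) for ch in px) for px in pixels]  # type: ignore[misc]


def max_channel_delta(a: List[Pixel], b: List[Pixel]) -> int:
    """Largest per-channel difference between two images of equal size."""
    return max(abs(x - y) for pa, pb in zip(a, b) for x, y in zip(pa, pb))


def constructed_image(width: int = 64, height: int = 64) -> List[Pixel]:
    """Constructed synthetic gradient standing in for a decoded cover PNG."""
    return [((x * 4) & 0xFF, (y * 4) & 0xFF, ((x + y) * 2) & 0xFF)
            for y in range(height) for x in range(width)]


SECRET = b"constructed test payload, not real malware"  # constructed sample input


def demo() -> dict:
    """Embed, recover, sanitize, and show that recovery fails afterwards."""
    cover = constructed_image()
    stego = embed_lsb(cover, SECRET)
    recovered_before = extract_lsb(stego)
    clean = sanitize_lsb(stego)
    try:
        recovered_after: Optional[bytes] = extract_lsb(clean)
    except ValueError:
        recovered_after = None  # random header length did not fit the image
    return {
        "stego_delta": max_channel_delta(cover, stego),   # 1: invisible change
        "clean_delta": max_channel_delta(stego, clean),   # 1: invisible change
        "recovered_before": recovered_before,             # == SECRET
        "recovered_after": recovered_after,               # != SECRET
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats for anyone building the gateway-side check. First, the sanitizer only defeats payloads carried in pixel LSBs; a PNG can also carry data in ancillary chunks (text chunks, for example) or appended after the IEND chunk, so a real anti-steganography pass should also re-encode the image from raw pixels and drop everything else. Second, note that the hidden bits are not themselves executable: as in the Worok case, something already running on the host has to open the image and extract them, so image sanitization complements rather than replaces endpoint detection.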