Steganography is the practice of hiding secret messages in otherwise non-secret mediums. It has been used in various ways for years – writing Revolutionary War messages in invisible ink, as an example. In the digital world, even something as benign as an image may be stealthily encoded with information. As an example, the pixel values, brightness, and filter settings can be manipulated by a hacker using a secret code to embed a message.
Through this technique hackers are deceiving internet users and smuggling malicious payloads past security scanners and firewalls. Steganography’s goal is to hide the fact that the content exists at all by embedding it in something else. The hidden code can then be used in all sorts of malicious attacks.
Various reports indicate that steganography is being used more than ever … although it is possible that the good guys are just getting better at detecting it. Steganography is being detected not only in sophisticated hacks, but in the attacks of low-level cyber criminals as well: malvertising; phishing; and malware distribution. This may be in part to the sale of steganographic instructions, allowing the technique to trickle down to the bad guys who may not have thought of a particular attack.
For individuals and small businesses, the way to protect yourself from steganographic attacks is to continuously work on security overall. Whether a phishing or a malvertising attack incorporates steganography or not, it still requires you to click on a link or download a file. If you’re aware of these types of attacks, looking out for them, and securing your accounts with protections like two-factor authentication, you’ll reduce your risk and have defenses in place if you are attacked.
Overwhelming, isn’t it? The Network Division at 2-Way communications can help. We’ll provide you with the integrated Security Awareness Training and Simulated Phishing platform used by more than 8,000 customers nation-wide. Contact The Network Division for more information or to set an appointment today. Give them a call (603-431-6288) or send an email to NetworkSolutions@2-Way.biz.