Stegware aka Steganography Malware – Malware of the Month, July 2019

With malware attacks growing by the day, cybersecurity has become so critical that it even “keeps our generals awake at night”. Maintaining tabs on the latest malware types can provide vital clues to better protect our organizations and keep them cybersecure. In this blog we discuss the master of stealth — Stegware aka Steganography Malware. Our past roster of Malware spotlights includes the Emotet malware and Invisible aka Fileless Malware.

What is Stegware aka Steganography Malware?

Steganography comes from the Greek words “steganos” meaning covered, and “graphein” meaning “writing. It is an ancient methodology of disguising hidden messages – quite famously it was used to pass messages across enemy lines in ancient Greece by writing the covert message on a shaved head, and then sending the messenger when his hair had grown to cover the message. And malware based on steganography employs the same technique – it conceals a file, message, image, or video within another of the same type – for malicious purposes.

Why is Stegware on the Rise?

  • The secret to its potency lies in the fact that it is very hard to find – almost undetectable. Recently, a former GE engineer was indicted for encrypting files containing GE’s proprietary information in a photo of a sunset. He then allegedly emailed it to his personal mailbox with the subject, “nice view to keep”.  The indictment stated that it was “uncommon even among trained computer experts, and both GE Digital analysts and FBI agents specializing in cyber crimes.”
  • As the malware is typically hidden in a seemingly harmless-looking image, it does not raise alarm the way a “.exe” or jumbled text would. Popular Twitter memes, fake ad banners, adorable kittens – images that are inconspicuous. In fact, it even escaped our eyes – Facebook was recently accused of embedding tracking information in photos in it.
  • And finally, it is relatively easy to implement with a variety of encryption algorithms.

Tips for Protection:

Anti-virus solutions are working hard at improving stegware-detection, but it is still in its nascent stages. The best way, for now at least, to prevent stegware is by keeping an eye out for the red flags its workflow mechanisms raise. 

  • Encryption is essential for stegware. For instance, the GE case above came to light when they discovered that 400 files had been encrypted by the employee using software not issued by the company. Prohibit the download of software not white-listed by the organization.
  • The other aspect of stegware is transferring of the malware. If your network allows the use of social media, secure the transfer of any sensitive data with browser sandboxing. Likewise, restrict the transfer of data from work devices/emails to personal devices/emails. Monitor your network for high-payload transfers.
  • Finally, don’t forget basic cybersecurity hygiene – keep your anti-virus programs updated, educate employees about the dangers of downloading unapproved software and accepting files with untrusted electronic signatures.

Having a safety net for your valuable data is essential to ensuring business continuity, enabling quick data recovery and significantly limiting damages. A reliable backup and recovery solution can tangibly ease the stress and anxiety of data loss. 

Stay backed-up and tune into Aug’s Malware of the Month – Wipers.

Learn More About Spanning Backup