Brandefense Digital Risk Protection Service
[Whitepaper] Detection of Steganography Attacks
Steganography is a method of camouflaging a message or an activity. In cyber attacks, it hides the malicious code that harms the victim’s computer. It is not used only for cyber attacks: in the past it was also used for anonymous messaging in battle, and commanders and soldiers communicated with this method during some wars.
Today, it is used to hide malicious code in a legitimate file so that the target executes or opens the file and sees the message written in the foreground of the file. In the background, however, the malicious code runs and carries out the malicious activity (connecting the victim’s computer to the C2 server, downloading other malware, encrypting files for ransom, or other cyber attack vectors).
So, is it easy to detect these attacks?
Attackers change as few bits as they can so that a person cannot tell the file apart from the original. They generally change the LSBs (Least Significant Bits) of the file so that the change is not easily noticed. Yes, the file is different now (you can prove that by comparing the hash values of the original file and the malicious file), but…
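The hash comparison described above, extended to show which bytes and which bit positions differ, as an added example that is not part of the whitepaper. It assumes a known-good original is available; the function name `compare_with_original` and both byte buffers are constructed for illustration.

```python
import hashlib


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_with_original(original: bytes, suspect: bytes) -> dict:
    """Compare a suspect data buffer with a known-good original of equal length."""
    if len(original) != len(suspect):
        raise ValueError("buffers differ in length; compare decoded sample data")
    changed = [i for i, (a, b) in enumerate(zip(original, suspect)) if a != b]
    # OR together the XOR of every changed pair: the result is a mask of
    # all bit positions that were touched anywhere in the buffer.
    touched_bits = 0
    for i in changed:
        touched_bits |= original[i] ^ suspect[i]
    return {
        "hash_match": sha256_hex(original) == sha256_hex(suspect),
        "changed_bytes": len(changed),
        "first_changed": changed[0] if changed else None,
        "last_changed": changed[-1] if changed else None,
        # True only when every difference is confined to bit 0 (the LSB).
        "lsb_only": bool(changed) and touched_bits == 0x01,
        # Largest change in sample value; 1 is invisible to a viewer.
        "max_abs_delta": max(
            (abs(original[i] - suspect[i]) for i in changed), default=0
        ),
    }


# Constructed sample: 64 bytes standing in for decoded pixel values.
ORIGINAL = bytes((i * 37 + 11) % 256 for i in range(64))

# Constructed "suspect" copy: the LSB of bytes 8..23 has been flipped.
_buf = bytearray(ORIGINAL)
for _i in range(8, 24):
    _buf[_i] ^= 0x01
SUSPECT = bytes(_buf)

if __name__ == "__main__":
    for key, value in compare_with_original(ORIGINAL, SUSPECT).items():
        print(f"{key}: {value}")
```

The comparison has to run on decoded sample data of equal length (for example pixel values), not on compressed file bytes, where a one-bit change in the content can alter many bytes of the file.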
Brandefense Threat Reports
Cyber Threat Intelligence Team