alphaspirit - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

Can steganography techniques help attackers hide?

Attackers may be looking to use steganography techniques to hide their malware. Expert Nick Lewis explains how they work and how to spot them.

I read steganography is expected to grow increasingly popular with hackers in the near future. How does a hacker use steganography, and how can enterprises best defend against steganography-based attacks?

Steganography is the hiding of a secret message within an ordinary message. Using steganography techniques, like using encryption, helps attackers to minimize the chance of their attack being detected. And like encryption, using steganography techniques effectively requires proper implementation. But as attackers improve their usage of encryption, moving beyond simple ransomware schemes and using it to hide and exfiltrate corporate data, they will need to take additional steps to hide their communications, which could lead to an increase in using steganography techniques. This helps thwart heuristic or behavioral analysis that looks for anomalies in network connections. For example, attackers could use a social network of their choosing for their command-and-control infrastructure in order to hide their communications with the legitimate network traffic to the website. In a targeted attack, an attacker could try to identify the most common social network in use at the enterprise and use that to set up the command-and-control communications for their malware.

Enterprises can defend against attacks that use steganography techniques in much the same way they can defend against attacks using encryption -- by using tools that look for anomalies in protocol or extra data in a communication channel. For example, if a JPEG file looks like a low-quality image when opening it in a picture viewer, but the file is larger than expected, there is a good chance there is something else being stored in the JPEG, requiring further analysis.

Next Steps

Learn how to use steganography to secure data instead of concealing it

Discover ways to detect and mitigate advanced evasion techniques

Find out how to use OpenPuff steganography to send sensitive info securely

This was last published in January 2016

Dig Deeper on Emerging cyberattacks and threats

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

How does your organization scan for potential steganography-based threats?
So far, we don't. We should; we've been hacked before and we're terrified of getting hacked again. We undoubtedly will, though there's no timetable on it. Perhaps we're hiding our fix from the hackers so they don't hack the latest impenetrable wall....
Thanks for teaching something new and reminding about something pretty old! I remember my 80x86 Assemble course work (over 20 ago) analyzing polymorphic "stealth" viruses hiding their "bodies" as data and innocent code. I had no idea it'd be called steganography!
Steganography has been around since well before 440BC. (That reference only noted something that was already in use, but it's the first we have.) It's been used to infect computers since the late '80s.

One way or another, attackers will keep trying to get into your private data. This is just another tool in their very large arsenal. And, yes, of course it helps hackers hide their nefarious deeds. The real questions are how will we find it, how will we stop it.,,,
Something never become obsolete. The method has been around forever and is still useful today. It also has become just another forgotten method that people are exploiting for nefarious reasons.