Steganography is a secret mechanism for encoding information by any means of transmission. Its use has been known since ancient Greece and defined in glossaries towards the end of the fifteenth century. Both the encoded information and the medium of transmission are secret; that is, known only to the parties who intend to communicate in an occult way. Steganography therefore presents itself as an ideal tool for the creation of secret communication channels that can be used in sophisticated espionage scenarios, computer crime and data breaches in public and private sectors.

A recently published report – jointly produced and released by Europol and Eurojust – offers an update on a relevant and interesting subject for all SIMARGL stakeholders. The second report of the Observatory Function on Encryption is aimed at law enforcement, judiciaries and policy makers as a reference source on the latest technical and legislative developments around encryption.

This paper builds on the objectives of the first report, released in Jan 2019, to provide an overview of the state of play on encryption from the perspective of the law enforcement and judicial communities. The current environment in which criminals are able to exploit encryption and other security vulnerabilities remains challenging for the judicial and law enforcement authorities of EU Member States, the report authors emphasise.

In Part 1, we gave an overview of the growth of stegware (steganography malware) and how security experts underestimate its use as an attack vector. In this blog we look at the ways stealthy stegware is delivered and how this dangerous threat can be so difficult to detect.

In its simplest form, stegware is concealed inside seemingly innocuous digital images. In the burgeoning digital era, cyber attackers used the increasingly multimedia-driven content of the internet to their advantage to conceal their secret code within public images.

Steganography in malware, known as stegomalware or stegware, is stealthily increasing in popularity as attackers diversify in pursuit of flying under the radar with their malicious code hidden from view in parasitic fashion. Malware authors continue to display versatility in devising new techniques, and re-inventing existing ones, in the hunt for ways to hide their malicious wares.

Malware writers are bringing the ancient practice of steganography up to date by masking malicious code in pictures, videos and other seemingly harmless types of image files. Many of these types of files are considered to be a low security risk and are often overlooked for further analysis. This has provided an ideal gateway of opportunity for would-be cyber attackers and for the concealment of malicious code.

On November 14 and 15 this year the third central European Cybersecurity Conference took place in Munich. On the occasion of this event consortium members of the SIMARGL Project presented their results out of the project.

About CECC

This conference is organised by the University of Maribor. The conference provides a platform for academics and practitioners to exchange information on cybersecurity. The aim is to promote an active dialogue about technical and social aspects of cybersecurity.

Last week, at the ARES 2019 Conference, the SIMARGL project was presented at the CUING 2019 workshop.

What is ARES?

ARES is a medium-sized conference with a focus on state-of-the-art research in the fields of dependability and security. Since 2017, the CUING workshop has been held at ARES, and has presented the latest research on steganography and information hiding to a multi-disciplinary audience.

In order to improve cyber attacks detection, we have started SIMARGL (Secure Intelligent Methods for Advanced Recognition of Malware and Stegomalware, Grant Agreement No 833042), a three-year project, on the 1st of May 2019. SIMARGL kick-off meeting was held on 13th – 14th of May at the FernUniversität in Hagen, Germany.

SIMARGL is a project co-funded by the European Commission under Horizon 2020 programme, to combat the pressing problem of malware. It aims to tackle the new challenges in the cybersecurity field, including information hiding methods, network anomalies, stegomalware, ransomware and mobile malware. SIMARGL will offer an integrated and validated toolkit improving European cyber security.