Steganalysis and Machine Learning

Steganography is the practice of hiding information inside some carrier so that the very existence of the message is concealed, whatever the means of transmission. Its use has been known since ancient Greece and it was defined in glossaries towards the end of the fifteenth century. Both the encoded information and the medium of transmission are secret; that is, known only to the parties who intend to communicate covertly. Steganography therefore presents itself as an ideal tool for the creation of secret communication channels that can be used in sophisticated espionage scenarios, computer crime and data breaches in the public and private sectors.

A common steganographic technique

In Part 1, we gave an overview of the growth of stegware (steganography malware) and how security experts underestimate its use as an attack vector. In this blog we look at the ways stealthy stegware is delivered and how this dangerous threat can be so difficult to detect.

In its simplest form, stegware is concealed inside seemingly innocuous digital images. As the internet became increasingly multimedia-driven, cyber attackers used that content to their advantage, concealing their secret code within publicly shared images.

The rise of stegware: 2011 to 2019

Steganography in malware, known as stegomalware or stegware, is stealthily increasing in popularity as attackers diversify their tradecraft to fly under the radar, hiding their malicious code from view inside a host file in parasitic fashion. Malware authors continue to display versatility in devising new techniques, and re-inventing existing ones, in the hunt for ways to hide their malicious wares.

Malware writers are bringing the ancient practice of steganography up to date by masking malicious code in pictures, videos and other seemingly harmless media files. Many of these file types are considered a low security risk and are often overlooked for further analysis. This has provided an ideal opening for would-be cyber attackers and for the concealment of malicious code.