What is steganography in cyber security?
In today’s article we will talk about what is steganography in cyber security, how it works and other related aspects.
What is steganography?
Roughly, the meaning of Steganography is the method of hiding any information into any physical object, message or other similar things to conceal its identity.
The history of steganography goes back centuries. Steganography is made up of two Greek words ‘Steganos’ [hidden] and ‘Graphein’ [writing]. Its purpose is clear from its name.
The first instance of use of steganography is found in 440 BC. The earliest examples of steganography can be traced back to 125 BC, when Herodotus mentioned two examples of steganography in The Histories of Herodotus.
Demaratus, in Greece, wrote directly on the wooden backing of a wax plate produced by bees, before applying it to the wax plate. Had sent a warning about the future attack on Greece.
Another famous example of steganography was writing a secret message on the shaved head of the most trusted servant in ancient times and sending the message to its destination when his hair grows.
In modern days, Steganography is also used by cyber attackers in which they hide information, malicious tools/codes or instructions for their command and control servers in document files, media files etc. that appear innocent.
For this purpose, a media file is considered the most ideal because its size is large. The color of each 100 pixels can be adjusted by the sender according to the corresponding alphabet, which cannot be noticed without looking very carefully.
You may also like:
- Generative AI the new battlefield for cyberspace in 2024: Shocking Threat
- Cyber Risks Biggest Threat Faced By Indian Organizations: Latest PWC’s Survey 2023
How does steganography work?
In modern digital steganography, the desired information is encrypted or obfuscated and put in the main image file, text files etc. using a specific algorithm so that it cannot be recognised.
Use of watermark is also a form of steganography. Online publishers use watermark technology to ensure the originality of their products.
The most popular method of steganography is to embed text information in media files. If this is done correctly it becomes very difficult to identify real and fake files.
One prevalent technique is LSB (Least Significant Bit) technique, in which secret data is embedded into the least significant bit of a media file.
For example:
- Each pixel in an image file is made up of three bytes, which stand for red, green, and blue in the color range. A fourth byte is sometimes set aside for transparency, or “alpha,” in certain picture formats.
- To conceal a single bit of data, LSB steganography modifies the final bit of each of those bytes. Therefore, you would need an eight megabyte image file in order to conceal one megabyte of data using this method.
- Anyone viewing the original and the steganographically-modified images won’t be able to distinguish between them because altering the final bit of a pixel value doesn’t produce a visually noticeable change to the image.
Secret data can be hidden not only in image files but also in audio and video files in such a manner using specific algorithms so that it cannot be identified.
In another way, the secret text information can be distributed in larger text in the form of words or letters and it can be assembled at the destination.
Further steganography techniques include data embedding in the header section of files and network packets. Method of hiding an entire hard drive partition is also being used in steganography.
The parameter to determine effectiveness of a steganographic process is based on its simplicity and non-noticeability.
Steganography software performs various functions –
- Data hiding, including encoding the data so that it can be concealed inside a different file.
- Identifying the specific sections of the cover text file that hold hidden information.
- Encrypting data.
- Allowing the intended recipient to extract hidden data.
Software for steganography is available both as proprietary and open source.
One open source steganography tool is called OpenStego. The kinds of data that can be hidden and the kinds of files that can contain that data are characteristics of different programs. Online steganography software tools include Crypture, a command-line tool; Image Steganography, a JavaScript tool that conceals images inside other image files; and Xiao Steganography, which conceals secret files in BMP or WAV files.
Types and techniques of steganography:
Mainly, there are five types of steganography which are as follows:
- Text -Text steganography is the practice of hiding secret text data into larger text contents. This can involve creating random character sequences, modifying words within a text, generating readable texts using context-free grammars, or altering the format of already-written text.
- Image– In image steganography, secret information is hiding in the image files in such a manner that it cannot be noticeable.
- Video – Secret data is concealed in Video file format.
- Audio – In this steganographic technique, data is hidden in Audio files in non-noticeable form.
- Network – The process of embedding information into network control protocols—such as TCP, UDP, ICMP, and others—that are used for data transmission is called network steganography. It is also sometimes referred to as protocol steganography.
Difference between cryptography and steganography:
Steganography and cryptography are generally understood to be the same but there is a difference between the two.
In cryptography, keys are required for data decryption but in steganography there is no key concept.
In cryptography, data is encrypted and sent. If encryption is banned in any country then there may be a problem. In Steganography the secret data is hidden in the harmless files so no such problem arises.
How is steganography used to deliver attacks?
The use of steganography is considered a weapon by cyber criminals.
- Malicious codes or payloads can be embedded in digital media files so that when they are downloaded, the system gets infected and data can be stolen.
- Ransomware attackers hide malicious codes in harmless and popular file formats or software to make you download the software and try to deceive you. If you do not download software or files from a trusted source, you may run into problems.
- Threat actors can hide commands in web pages for their implants and in debug logs published in forums for uploading stolen data.
- Malvertising is also a form of steganography used by cyber criminals. In this process, advertisements are used to conceal malicious codes which may be downloaded into your system and can be used to steal your precious data.
How to detect steganography?
The process to detect steganography is called ‘steganalysis’. Analysts use several tools like StegExpose and StegAlyse for this purpose. ‘Hex viewers’ type general analysis tools are also used to find anomalies in files.
However, detection of steganography is still a challenge as many more files are being uploaded on social media day to day and scanning all of them is virtually impossible.
How to avoid steganography-based attacks?
- Always try to download files and softwares from a trusted source.
- Do not click on any link provided from an unknown source. It can download malicious code or malware in your system and can harm you.
- Organizations and Institutions should use web filtering and latest cyber security updates and patches.
- Always use good quality antivirus and antimalware software and keep them updated.
- Companies should employ more advanced endpoint protection technologies these days, as code concealed in images and other forms of obfuscation are more likely to be dynamically detected by a behavioral engine than static checks, simple signatures, and other antiquated components.
- As encryption and obfuscation are more easily detected at endpoints, companies should concentrate their detection efforts there.
- In order to stay current with trends, including cyberattacks impacting their industry where steganography has been observed, companies ought to use threat intelligence from a variety of sources.
Conclusion:
In this article we discussed what steganography is, how it is used in cyber security and how we can avoid steganography-based attacks and can keep our precious data safe from cyber attackers.
That’s all for now my friend! I hope this article will be valuable for you. You can reach me through the emails given below. I will love your valuable comments and feedback.
Yours
Abhijit Ranjan