Steganography is a technique for hiding sensitive information inside an ordinary message to ensure confidentiality. The hidden information is extracted at the destination by a legitimate receiver. Steganography uses encryption to maintain confidentiality and integrity. Additionally, it hides the encrypted data to avoid detection. The goal of using steganography is to hide the information from third parties. An attacker may use this technique to transfer information such as source code, plans, or other sensitive data without being detected.
Classification of Steganography
Steganography is classified into two types: technical and linguistic steganography. Technical steganography conceals information using methods such as invisible ink, microdots, and other methods of hiding information. Linguistic steganography uses text as the cover medium, hiding information with ciphers and codes.
Types of Steganography
White Space Steganography
White space steganography is a technique for hiding information in a text file by inserting extra blank spaces between the words of the cover file. The secret message is encoded as blank spaces, and LZW and Huffman compression are used to reduce the size of the message.
In image steganography, hidden information can be kept in images of different formats, such as PNG, JPG, and BMP. The basic technique is that the image steganography tool replaces redundant bits of the image with the hidden information. This replacement is done in a way that cannot be detected by the human eye. Image steganography can be performed with different techniques, such as:
- Least Significant Bit Insertion
- Masking and Filtering
- Algorithm and Transformation
Tools for Image Steganography
Open the QuickStego application
Upload an image. This image is termed the cover, as it will hide the text
Enter the text or upload a text file
Click the Hide Text button
The saved image containing the hidden information is termed the stego object
So why are malware authors increasingly using steganography in their creations? We see three main reasons for this:
- It helps them conceal not just the data itself but the fact that data is being uploaded and downloaded;
- It helps bypass DPI systems, which is relevant for corporate systems;
- Use of steganography may help bypass security checks by anti-APT products, as the latter cannot process all image files (corporate networks contain too many of them, and the analysis algorithms are rather expensive).
The problems are obvious:
- Steganography is now very popular with malware and spyware writers;
- Anti-malware tools generally, and perimeter security tools specifically, can do very little with payload-filled carriers. Such carriers are very difficult to detect, as they look like regular image files (or other types of files);
- All steganography detection programs today are essentially proof-of-concept, and their logic cannot be implemented in commercial security tools because they are slow, have fairly low detection rates, and sometimes even contain errors in the math (we have seen some instances where this was the case).
Statistical methods of analysis: histogram method
This method was suggested in 2000 by Andreas Westfeld and Andreas Pfitzmann, and is also known as the chi-squared method. Below we give a brief overview.
The entire image raster is analyzed. For each color, the number of dots possessing that color is counted within the raster. (For simplicity, we are dealing with an image with one color plane.) This method assumes that the number of pixels possessing two adjacent colors (i.e. colors different only by one least significant bit) differs substantially for a regular image that does not contain an embedded payload (see Figure A below). For a carrier image with a payload, the number of pixels possessing these colors is similar (see Figure B).
[Figure A: an empty carrier. Figure B: a filled carrier.]
The above is an easy way to visually represent this algorithm.
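The histogram (chi-squared) test described above, as an added Python example that is not code from the original article or from Westfeld and Pfitzmann: it compares the counts of adjacent colours (2k, 2k+1) in one 8-bit colour plane and turns the statistic into a probability that the plane carries a payload. The pixel data is constructed for the demonstration, and the names `pair_chi_square` and `make_samples`, the sparse-pair threshold, and the Wilson-Hilferty approximation are assumptions of this example.

```python
import math
import random
from collections import Counter


def pair_chi_square(pixels):
    """Pair-of-values (chi-squared) test on one 8-bit colour plane.

    Returns (chi2, dof, p_embedded). p_embedded near 1 means the counts of
    adjacent colours (2k, 2k+1) are nearly equal, as in a filled carrier.
    """
    hist = Counter(pixels)
    chi2, dof = 0.0, -1                    # dof = populated pairs - 1
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2        # count expected if LSBs are random
        if expected < 5:                   # sparse pairs make the test unreliable
            continue
        chi2 += (even - expected) ** 2 / expected
        dof += 1
    if dof < 1:
        raise ValueError("not enough populated colour pairs")
    # Wilson-Hilferty normal approximation of the chi-squared upper tail
    # (an assumption of this example, used to avoid a SciPy dependency).
    spread = math.sqrt(2 / (9 * dof))
    z = ((chi2 / dof) ** (1 / 3) - (1 - 2 / (9 * dof))) / spread
    return chi2, dof, 0.5 * math.erfc(z / math.sqrt(2))


def make_samples(n=20000, seed=1):
    """Constructed data: an 'empty' plane with an uneven histogram and the
    same plane with every LSB overwritten by a random bit ('filled')."""
    rng = random.Random(seed)
    weights = [rng.random() for _ in range(256)]
    empty = rng.choices(range(256), weights=weights, k=n)
    filled = [(p & ~1) | rng.getrandbits(1) for p in empty]
    return empty, filled


if __name__ == "__main__":
    for name, plane in zip(("empty", "filled"), make_samples()):
        chi2, dof, p = pair_chi_square(plane)
        print(f"{name:6s} chi2={chi2:8.1f} dof={dof} p_embedded={p:.4f}")
```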
Conclusions of Steganography
We are seeing a strong upward trend in malware developers using steganography for different purposes, including for concealing C&C communication and for downloading malicious modules. This is an effective approach considering payload detection tools are probabilistic and expensive, meaning most security solutions cannot afford to process all the objects that may contain steganography payloads.
However, effective solutions do exist – they are based on combinations of different methods of analysis, prompt pre-detections, analysis of meta-data of the potential payload carrier, etc. Today, such solutions are implemented in Kaspersky Lab’s Anti-Targeted Attack solution (KATA). With KATA deployed, an information security officer can promptly find out about a possible targeted attack on the protected perimeter and/or the fact that data is being exfiltrated.