Picture this news story: “42 suspects in three countries were arrested today in connection with the attempted theft of intellectual property from XYZ Corp. XYZ Corp. worked with law enforcement in each country to identify and apprehend the would-be thieves. The Attackers were caught due to flaws in the implementation of their attack, which relied on steganography for a key portion of the attempted theft.” Here We have a fictitious story - but it may not remain fictitious for long.

In Reality, malware authors and malware groups are always looking for sneaky methods, techniques, and technologies, and steganography fits the bill frighteningly well. A double bonus for malware authors is that this technology is old (academia has been examining the technique for a long time, so much of the hard work has already been done) and it is only just beginning to make its debut in the digital underground (Vinself, Shady RAT). Malware groups have a pattern of stealing technology from each other: if one technique is successful, a competing malware group will simply appropriate it into its own offerings.

Steganography Is a method of covertly communicating. Its close cousin is encryption, where the individual messages are obscured. In This case though, the entire fact that a conversation is taking place is obscured. Speaking Technically, encryption makes the messages covert, but not the communication channel - steganography makes the channel itself covert. What's worse is that both can be used together - a message can be encrypted and then the channel hidden through steganography, so an analyst who uncovers the channel is still left with ciphertext. Detecting steganography is difficult. The field dedicated to this topic is called "steganalysis". The current threat from this type of technology is unclear and probably small.
As This technique is somewhat new on the threatscape, appears to be gaining a foothold, and has a wide range of potential applications, this author recommends maintaining acute awareness. If you are a large organization, or one potentially prone to attacks such as APTs, more serious review of and education in this technology is warranted. Here are some potential avenues to consider exploring:
One final note: to illustrate the nature of this technology, a short message is steganographically embedded in this post using text steganography. The key is as follows: write down the first letter of each sentence where the second word is capitalized. For the technically inclined, this is also loosely analogous to chaffing-and-winnowing: the marked sentences are the wheat, the unmarked ones are chaff, and the marking rule plays the part of the key that lets the receiver winnow one from the other.
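To make the scheme concrete, here is an encoder and decoder for it in Python. This is an added example, not code from the original post; the cover sentences in the pool are constructed for illustration, and the sentence splitter is a deliberately simple one. It also includes a crude steganalysis statistic, the fraction of sentences carrying the mark, which is the sort of number a steganalyst would compare against a baseline corpus of ordinary prose.

```python
import re

# constructed cover sentences for the demo; every second word is lowercase, so
# the unmodified pool carries no mark (assumption: plain prose with one
# terminal punctuation mark per sentence and no abbreviations such as "Corp.")
POOL = [
    "Hiring has picked up this quarter.",
    "Invoices go out on the first of the month.",
    "Daily standups start at nine.",
    "Everyone should update the shared calendar.",
    "Lunch is on the third floor today.",
    "Parking passes expire in March.",
    "The break room fridge gets cleaned on Fridays.",
]

# naive sentence splitter: break after ., ! or ? followed by whitespace
_SENTENCE_BOUNDARY = re.compile(r"(?<=[.!?])\s+")
_LEADING_QUOTES = "\"'\u201c\u2018("


def split_sentences(text):
    return [s for s in _SENTENCE_BOUNDARY.split(text.strip()) if s]


def is_marked(sentence):
    """the post's key: a sentence is 'wheat' when its second word is capitalized"""
    words = sentence.split()
    if len(words) < 2:
        return False
    second = words[1].lstrip(_LEADING_QUOTES)
    return bool(second) and second[0].isupper()


def first_letter(sentence):
    """first alphanumeric character of a sentence, skipping any opening quote"""
    for ch in sentence:
        if ch.isalnum():
            return ch.upper()
    return ""


def decode(text):
    """winnow: keep the first letter of every marked sentence, in order"""
    return "".join(first_letter(s) for s in split_sentences(text) if is_marked(s))


def _set_mark(sentence, on):
    # capitalize (on=True) or lowercase (on=False) the second word only
    words = sentence.split(None, 2)
    if len(words) < 2:
        raise ValueError("cover sentences need at least two words")
    w = words[1]
    words[1] = (w[0].upper() if on else w[0].lower()) + w[1:]
    return " ".join(words)


def encode(message, pool):
    """embed message: one marked cover sentence per letter, chaff in between

    for each letter, take the first unused pool sentence that starts with it and
    capitalize its second word; every sentence left over becomes chaff, emitted
    with a lowercase second word so it cannot be mistaken for wheat
    """
    remaining = list(pool)
    wheat = []
    for letter in (c for c in message.upper() if c.isalnum()):
        for i, s in enumerate(remaining):
            if first_letter(s) == letter:
                wheat.append(_set_mark(remaining.pop(i), True))
                break
        else:
            raise ValueError(f"no unused cover sentence starts with {letter!r}")
    chaff = [_set_mark(s, False) for s in remaining]
    out = []
    for w in wheat:
        out.append(w)
        if chaff:
            out.append(chaff.pop(0))  # interleave one chaff sentence per mark
    out.extend(chaff)                  # leftover chaff goes at the end
    return " ".join(out)


def mark_rate(text):
    """crude steganalysis statistic: (marked sentences, total sentences)"""
    sentences = split_sentences(text)
    return sum(is_marked(s) for s in sentences), len(sentences)


if __name__ == "__main__":
    cover = encode("HIDE", POOL)
    print(cover)
    print("recovered:", decode(cover))
    print("mark rate:", mark_rate(cover))
    print("plain pool:", mark_rate(" ".join(POOL)))
```

One caveat the decoder makes visible: any sentence whose second word happens to be a proper noun (a company name, a product) also satisfies the rule, so cover text has to be chosen to avoid such false positives, and a steganalyst reading the marks would have to separate them from the deliberate ones. The splitter is also naive about abbreviations, so a sentence containing "Corp." would be cut in two; a real implementation would need a proper sentence tokenizer.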