EXECUTIVE SUMMARY:

A cyber espionage group aims to disrupt the governments of several Middle Eastern nations and has previously attacked the stock exchange of an African country, deploying malware to steal large volumes of data.

Attackers conceal malware in the Windows logo

The intrusions have involved a steganographic trick to conceal a previously undocumented backdoor in a Windows logo.

In other words, attackers are stuffing malware into the innocuous-looking Windows logo that most people are familiar with, and the malware can then be downloaded onto network systems.

Steganography attack

The steganography attacks on one Middle Eastern government agency began in February of this year. Across the next few months, attackers managed to move through the network, exfiltrate data and steal sensitive information. This continued through early September, researchers believe.

Responsible party

Cyber security researchers say that it’s too early to say which attack group is responsible for these events, but the attack group is loosely referred to as ‘Witchetty’.

Attacks conducted by Witchetty are identified through the use of two pieces of malware: one known as X4 and a second-stage payload, known as LookBack.

What is steganography?

Steganography is considered a new cyber attack vector. In the digital domain, steganography involves embedding data in non-secret, public information or computer files (such as an image) in order to evade detection.

Types of steganography attacks

1. Text steganography

In a text-based steganography attack, hackers hide malicious code inside of text files. Specifically, hackers alter the text format in the existing file, changing words and creating random characters or sentences.

2. Image steganography

In an image steganography attack, attackers conceal malicious data in an image. Bits or pixels are replaced with malware code. A series of different tactics can be used in image steganography attacks, including masking and filtering, pattern encoding, and cosine transformation methods.

3. Audio steganography

In this type of attack, hackers exploit WAV audio files in order to conceal customized malware.

4. Video steganography

In video steganography attacks, hackers deploy a series of different techniques to hide malicious code within a moving stream of images and audio files.

Preventing steganography attacks

  • Educate employees about the fact that images can harbor malicious code. Teach employees how to identify markers of steganography, such as slight color differences in images, or large numbers of duplicate colors in an image.
  • Take steps to prevent steganography attacks conducted by insiders. Create a repository of trusted corporate applications from which individuals can download images and/or software, preventing employees from downloading materials from unknown sources that may contain steganographic code.
  • As an organization, ensure that you have web filtering for safer browsing in place, and that you are up-to-date with the latest security patches.
  • Segment your network. In the event of a successful steganographic attack, virtualization architectures and proper network segmentation can help contain the outbreak: the secure, verifiable boot processes they rely on and continuous traffic monitoring keep applications isolated.
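The image steganography passage above describes LSB replacement (bits of pixels overwritten with payload data), and the first prevention bullet asks defenders to recognise the statistical markers that leaves behind. The following is an added example, not code from the article or from any vendor or attacker: it implements the classic "pairs of values" chi-square check on an 8-bit greyscale image modelled as a flat list of pixel values. Embedding random-looking (encrypted) payload bits into the LSB plane equalises the counts of each value pair (2k, 2k+1), so a suspiciously low statistic is the marker. The cover image, the payload simulation and the detection threshold are all constructed assumptions for illustration.

```python
import random


def chi_square_pov(pixels):
    """Pairs-of-values statistic (Westfeld & Pfitzmann) per degree of freedom.

    Under LSB embedding of random bits, each pair (2k, 2k+1) is expected to
    have equal counts; clean images deviate strongly (large value), images
    carrying a random payload in the LSB plane do not (small value).
    """
    hist = [0] * 256
    for v in pixels:
        hist[v] += 1
    stat, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2.0
        if expected == 0:  # unused value pair carries no information
            continue
        stat += (even - expected) ** 2 / expected
        dof += 1
    return stat / max(dof - 1, 1)


def is_lsb_suspicious(pixels, threshold=1.0):
    """Flag a 'too balanced' pair histogram. The threshold is an assumption
    for this example; calibrate it on known-clean images before use."""
    return chi_square_pov(pixels) < threshold


def make_cover(n=8192, seed=1):
    """Constructed stand-in for a clean greyscale image: even/odd neighbour
    counts are deliberately unequal, as in real quantised sensor data."""
    r = random.Random(seed)
    out = []
    for _ in range(n):
        v = r.randint(0, 255)
        if r.random() < 0.6:
            v &= ~1  # push most samples onto even values
        out.append(v)
    return out


def simulate_lsb_payload(pixels, seed=2):
    """Model the statistical footprint of an encrypted payload in the LSB
    plane: every LSB becomes an unbiased random bit. No real payload."""
    r = random.Random(seed)
    return [(v & ~1) | r.getrandbits(1) for v in pixels]
```

Running `chi_square_pov` on `make_cover()` and on `simulate_lsb_payload(make_cover())` shows the cover scoring far above 1.0 and the LSB-filled copy well below it; a detection pipeline would compute the same statistic per colour channel on real image files and alert on the low side.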

For more on this story, click here. Lastly, to receive cutting-edge cyber security news, insights, best practices and analyses in your inbox each week, sign up for the CyberTalk.org newsletter.
