Steganography attack! What it is and why you should care.



You may have never heard of the term 'Steganography'. And neither did I until I heard of it in college syllabus in subject Cryptography.

Raise your hand if you know about it. No, we can't see that.

But this term mean lot in security world and keep my word, "This poses a big threat to your security".

What does Steganography mean

The term "steganography" means something hidden in some other data. Just invisible to users.

In modern computing world, Steganography is used along with computer science to hide sensitive information.

It can be applied with encryption techniques to fool the person who gets past to it.

This can be helpful and for good. Like surpassing sensitive information that gets into hackers' hands in form of other files or information.

This way a hackers will never be able to know what is real information.

How it can be harmful

If used in wrong way, Steganography can cause serious issues in computing.

Imagine a virus/malware embedded into a image or .mp3 file. And Anti-virus solution will just scan the file and treat it non harmful.

Even if does not turns out as a complete malware, the hidden code may be used to trigger an action.


For example, the hacker can embed a malware in a image file which stays on your computer.


And the malware waits for a specific task to get triggered which is legitimate. Like you getting a message from Facebook.


So there is no way of knowing if a steg is present on your computer. The only way is detecting something fishy after the attack is executed.


Nothing is same twice, so there is no practical way to generalise and detect a steganographic attack.

Thus you can only guess something nefarious in computer. Detection simply does not work


Rise in steganographic attacks

Steganography is a broad concept and not a method of encryption or hacking.

It's goal is to hide the fact that something exists at all.

Due to such complexity of stegs, it is seen in small scale malvertising, phishing attacks.

One nefarious application is malware already being present in victim's computer and hacker sending out commands for it to get executed.

Thats how steganography is becoming popular among low-level cyber criminals.

How you can stay safe

While steganography cannot be detected based on previous incidents, you can always stay aware.

Just keep your operating system and software up to date.

Stay vigilant while browsing unknown or unfamiliar sites. And don't download any files from malicious sites blindly assuming that it won't harm.

Keep backup of files and use Two-factor authentication and so on.

And the list goes on.

But these are just prevention to stay safe not actual solutions to steganographic attacks.

The tug-of-war between cyber criminals with companies and developers continues...

No comments