The world is a visual place. Communication through photos and short videos has now become commonplace with applications like Instagram and TikTok. Photos are easily taken on accessible devices and used to share information such as events, news, and even emotions at a rate and speed unlike anything before. But what many may not realize is that photos can also be used to inconspicuously share data or carry out a ransomware cyberattack. The practice of concealing messages, images, or files within other messages, images, or files is called steganography. It comes from the Greek word steganos (covered) and the Latin word graphia (graphy). With the popularity of photos and images, this hacking method will likely increase and continue to see success.
It's What You Don't See, Steganography - the Double Threat
The Malware Payload Threat
Remember the Magic Eye images of the 1990s? The colorful images would hide an image inside the pattern, and people would literally hold the image to their nose and slowly pull it back until a blurring effect revealed another object. Now imagine that hidden object inside the photo with no way to see it, and instead of a simple image like a boat it’s a piece of malware waiting to infiltrate. Steganography or steganography malware may not be the most common, but it packs a punch when used.
While many people think of steganography as a method to sneak information out of an organization, the other side of the coin is sneaking harmful code into the organization. Cybercriminals may embed the threat as an overlay to an image in a PowerPoint deck. It’s an easy hack that easily goes undetected, and the old technique is increasingly used to hide malware payloads. So, when an image is viewed by a member of an organization, the payload, otherwise known as a virus, worm or Trojan, can start work immediately, resulting in damage to systems and loss of data.
The Data Loss Threat
Malware isn’t the only way in which your data is at risk. Steganography examples can be traced back as early as 5 BC, when it was used as a defense tactic by Histiaeus, a Greek ruler of Miletus. Histiaeus shaved and tattooed a man's head with messages that would go unnoticed once his hair grew back. The allies, aware of the practice, found the warning messages on the man's scalp.
Fast forward to 2022 when an employee of General Electric was convicted of conspiracy to commit economic espionage. While this sounds like something out of a thrilling motion picture, the former employee simply used steganography. He was able to take company secrets in files by downloading, encrypting, and hiding them in a seemingly mundane sunset photo. He used his company email address to email the image to his personal email address. According to court documents, the encryption process took less than 10 minutes.
Again, while not as common as other cyberattacks, the shocking and quick way it can fly under the radar is reason enough to have a security solution that protects not only from external threats like malware but keeps data safe through effective data loss prevention methods.
Anti-Steganography Sanitizes Photos in Milliseconds
Without digital fingerprints it can be very difficult to detect what was used to hide the data inside the photo or image, and combing through every image coming and going through a network is tedious. So how does one secure photos?
The best practices for securing photos:
- Be aware of images as a malware threat. While an image may seem innocent, it can be crawling with seemingly invisible code.
- Do not assume image threats only come from outside the organization. Images can also be used to hide data.
- Have an email security solution that includes image sanitization. Many email security solutions do not provide image sanitizing. Make sure your solution does.
Both on-premise Clearswift Secure Email Gateway (SEG) and Clearswift Secure Web Gateway (SWG) feature anti-steganography, found in the document sanitization option, which also removes document properties, revision history, and additional concealed metadata. Anti-steganography disrupts the image in a way that does not visually alter it but makes it impossible for recipients to recover hidden information, and it also prevents the accidental opening of hidden malware. While this cleanses all images, including those that do not need it, it mitigates the overall risk, thereby keeping the organization safe. It does so in milliseconds, so the flow of business won’t be disrupted.
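How disrupting an image can destroy hidden data without a visible change, as an added example (not Clearswift's code or method): it assumes the simplest hiding scheme, least-significant-bit encoding in raw 8-bit pixel samples, and a hypothetical `sanitize` function that re-randomizes those bits. The carrier and the marker string are constructed test data.

```python
import secrets

def embed_lsb(pixels: bytes, message: bytes) -> bytes:
    """Build the test carrier: message bits (MSB first) go in each sample's lowest bit."""
    bits = [(byte >> (7 - i)) & 1 for byte in message for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("message too large for carrier")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)

def extract_lsb(pixels: bytes, length: int) -> bytes:
    """Read `length` bytes back out of the lowest bits."""
    out = bytearray()
    for b in range(length):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def sanitize(pixels: bytes) -> bytes:
    """Overwrite every sample's lowest bit with a fresh random bit."""
    noise = secrets.token_bytes(len(pixels))
    return bytes((p & 0xFE) | (n & 1) for p, n in zip(pixels, noise))

def max_sample_change(before: bytes, after: bytes) -> int:
    """Largest per-sample difference; 1 out of 255 is not visible to the eye."""
    return max(abs(a - b) for a, b in zip(before, after))

# Constructed 64x64 grayscale gradient and constructed marker text.
COVER = bytes((x * 3 + y * 5) % 256 for y in range(64) for x in range(64))
SECRET = b"constructed test marker 0123456789"

if __name__ == "__main__":
    stego = embed_lsb(COVER, SECRET)
    clean = sanitize(stego)
    print("before sanitizing:", extract_lsb(stego, len(SECRET)))
    print("after sanitizing: ", extract_lsb(clean, len(SECRET)))
    print("largest sample change:", max_sample_change(stego, clean))
```

Randomizing low bits only addresses data stored in the pixel values themselves; data appended after the end of the image file or held in metadata also requires stripping or re-encoding the file.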
Already Have Microsoft 365?
Clearswift can be added onto existing email security solutions, such as Microsoft 365, to provide the most robust security by filling the gaps missed by other solutions – including photo security.