With browsers granted so much autonomy in automatically playing embedded videos, GIFs and other images upon loading webpages, cyber-vigilance is necessary

Steganography methods

Still not convinced that steganography works in practice? Consider these examples:

    • One of the ways to embed malicious code in an image is to replace the least significant bit of each red-green-blue-alpha (RGBA) value of every pixel of the image with one small piece of the message.
    • Another technique is to embed something into an image’s alpha channel (denoting the opacity of a color), using only a small portion of the channel to minimize any transparency differences detectable with the naked eye.
    • In the CVE-2016-0162 vulnerability in some versions of the now-defunct Internet Explorer, legitimate advertising networks were tricked into serving up ads that potentially led to a malicious banner being sent from a compromised server.

Mitigating factors

Because images uploaded to social media websites are usually heavily compressed and resized, it is difficult for a threat actor to hide fully preserved and intact code in them: the lossy processing tends to destroy the low-order bits the hidden data lives in.

Most importantly, the other mitigating factors are:

    • The RGB pixel-hiding and other steganographic methods only pose a danger when the hidden data is read by a program that knows exactly how to extract the malicious code from the right places (which pixels, which bits, in which order) and then executes the reassembled script on the system. The image alone does nothing.
    • Images are often used to conceal malware downloaded from command-and-control servers, to avoid detection by security software. In one case, a trojan called ZeroT was downloaded onto victims’ machines via malicious Word documents attached to emails. That was not the most interesting part, according to Szabó: the trojan had also downloaded a variant of the PlugX RAT (aka Korplug) — using steganography to extract the malware from an image of Britney Spears. In other words, if your systems are protected from trojans like ZeroT, then steganography becomes less of an issue, for now.
    • Finally, any exploit code extracted from an image depends on a specific vulnerability being present and unpatched on the system. If your systems are already patched, the exploit cannot work. Hence, it is a good idea to always keep your security software, applications, and operating systems up to date: exploitation by exploit kits is avoided by running fully patched software alongside a reliable, updated security solution.
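To make the least-significant-bit method described above concrete, and to show why the two mitigating factors (a dedicated extractor is required, and lossy processing destroys the payload) hold, here is an added example that is not part of the original article or ESET's research. It works on a constructed in-memory RGBA pixel buffer rather than a real image file, and `requantize` is an assumed, simplified stand-in for the value rounding a lossy recompression or resize performs.

```python
def _to_bits(data: bytes) -> list:
    """Most-significant-bit-first bit list of a byte string."""
    return [(byte >> (7 - i)) & 1 for byte in data for i in range(8)]


def embed_lsb(carrier: bytes, payload: bytes) -> bytes:
    """Overwrite the least significant bit of successive channel bytes
    (R, G, B, A, R, ...) with a 2-byte length prefix followed by payload."""
    bits = _to_bits(len(payload).to_bytes(2, "big") + payload)
    if len(bits) > len(carrier):
        raise ValueError("payload does not fit in carrier")
    out = bytearray(carrier)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit      # each channel value changes by at most 1
    return bytes(out)


def extract_lsb(carrier: bytes) -> bytes:
    """Read the LSB stream back. This only works because the reader knows the
    exact layout (bit order, length prefix, start offset) the writer used;
    without that knowledge the image is just pixels."""
    bits = [b & 1 for b in carrier]

    def read(nbytes: int, offset: int) -> bytes:
        if offset + nbytes * 8 > len(bits):
            raise ValueError("truncated LSB stream")
        return bytes(int("".join(map(str, bits[offset + 8 * k:offset + 8 * k + 8])), 2)
                     for k in range(nbytes))

    length = int.from_bytes(read(2, 0), "big")
    return read(length, 16)


def requantize(carrier: bytes, step: int = 4) -> bytes:
    """Assumed stand-in for lossy recompression or resizing: snap every channel
    value to a multiple of `step`, which discards exactly the bits the payload
    was hidden in."""
    return bytes((b // step) * step for b in carrier)


def max_channel_delta(a: bytes, b: bytes) -> int:
    """Largest per-channel difference between two equally sized buffers."""
    return max(abs(x - y) for x, y in zip(a, b))


# Constructed carrier: an 8x8 RGBA image of one flat colour (200, 200, 200, 255).
CARRIER = bytes([200, 200, 200, 255]) * 64
PAYLOAD = b"hello"   # constructed placeholder; the content is irrelevant to the mechanism

if __name__ == "__main__":
    stego = embed_lsb(CARRIER, PAYLOAD)
    print("max per-channel change:", max_channel_delta(CARRIER, stego))   # 1
    print("extracted:", extract_lsb(stego))                               # b'hello'
    print("after requantize:", extract_lsb(requantize(stego)))            # b''
```

The delta of 1 per channel is why the embedding is invisible to the eye, and the empty result after requantizing is the compression argument from the text in miniature: the extractor still runs, but the bits it depends on are gone.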

As always, ESET reminds readers that best practices for cyber hygiene always apply and need to be updated and tracked — all-round cyber awareness is the first step toward tighter vigilance.

From left to right: Clean image; the same image with malicious content embedded; and the same image enhanced to highlight areas hiding extraneous data (Source: ESET Research)