Malware Payloads Hide in Images: Steganography Gets a Reboot

Low-key but effective, steganography is an old-school trick of hiding code within a normal-looking image, where many cybersecurity pros may not think to look.

One of the challenges of cybersecurity is that overfocusing on one threat trend means that another one can sneak up on you. This is especially problematic as our networks and the attack surface expand. Beyond threat vectors, though, we also need to pay attention to the entire spectrum of threat techniques and strategies. So while we are preparing our networks for the next zero-day threat, we need to make sure that we are keeping a lid on familiar exploits.

Cybercriminals are especially fond of using existing malware in new ways for a number of reasons, the most common being economic. It is much cheaper to tweak an existing exploit than to invent something new, and if done right, that tweak can slip past existing defenses right under the noses of cyberprofessionals. A recent Fortinet report found that one of the threats in need of monitoring is the recent revival of the “old school” trick of steganography.

Source: ThreatPost