© Provided by: pestaola.gr
While analyzing multiple cyber-espionage and cybercriminal campaigns, Kaspersky Lab researchers have identified a new, worrying trend.
Malicious hackers increasingly use steganography, a digital version of the ancient technique of hiding messages inside images, to conceal traces of their malicious activity on an attacked computer. A number of malware programs aimed at cyber espionage, and several examples of malware created to steal financial information, have recently been found to take advantage of this technique.
In a typical targeted attack, a threat actor, once inside the attacked network, would gain access and then collect valuable information for later transfer to the command and control (C&C) server. In most cases, proven security solutions or professional security analytics are able to detect the presence of the threat actor on the network at each stage of an attack, including the exfiltration stage. This is because exfiltration usually leaves traces, for example, connections to an unknown or blacklisted IP address. However, when steganography is used, detecting data exfiltration becomes a really difficult task.
In this scenario, malicious users insert the information to be stolen directly inside the code of a trivial image or video file, which is then sent to the C&C server. Such an event is therefore unlikely to trigger any security alarms or data protection technology. This is because after the attacker's modification the image itself does not change visually, and its size and most other parameters also stay the same, so it gives no cause for concern. This makes steganography a lucrative technique for malicious actors when they choose how to exfiltrate data from an attacked network.
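The paragraph above explains why a carrier image raises no alarm: it looks the same and has the same size. As an added example (not from the article or from Kaspersky Lab), the sketch below assumes the simplest embedding, least-significant-bit replacement, which the article does not specify, and shows a pairs-of-values chi-square check that still separates a constructed cover from a constructed carrier. All function names, the threshold and the sample data are constructed for illustration.

```python
import random
from collections import Counter

def pov_chi_square(pixels):
    """Pairs-of-values chi-square per degree of freedom for 8-bit samples.

    LSB replacement with random-looking (e.g. encrypted) bits pushes the
    counts of each value pair (2k, 2k+1) towards equality, so a ratio near
    1.0 means the LSB plane looks like random data.
    """
    hist = Counter(pixels)
    chi2, dof = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected < 5:  # too few samples in this pair for the test to mean anything
            continue
        chi2 += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
        dof += 1
    return chi2 / dof if dof else float("inf")

def looks_embedded(pixels, threshold=2.0):
    """Flag samples whose value pairs are equalised (threshold is an assumption)."""
    return pov_chi_square(pixels) < threshold

def make_cover(n=20000, seed=1):
    """Constructed stand-in for image pixels: the LSB is 1 only ~30% of the time."""
    rng = random.Random(seed)
    return [2 * rng.randrange(128) + (rng.random() < 0.3) for _ in range(n)]

def simulate_lsb_payload(cover, seed=2):
    """Constructed carrier sample: every LSB replaced by a random bit."""
    rng = random.Random(seed)
    return [(p & 0xFE) | rng.getrandbits(1) for p in cover]

if __name__ == "__main__":
    cover = make_cover()
    carrier = simulate_lsb_payload(cover)
    print("same size:", len(cover) == len(carrier))
    print("max per-pixel change:", max(abs(a - b) for a, b in zip(cover, carrier)))
    print("cover ratio:", round(pov_chi_square(cover), 2), looks_embedded(cover))
    print("carrier ratio:", round(pov_chi_square(carrier), 2), looks_embedded(carrier))
```

This check targets full-capacity LSB replacement on decoded pixel values; partial payloads or other embedding schemes need different statistical tests.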
In recent months, Kaspersky Lab researchers have observed at least three cyber-espionage campaigns that used this technique. More worryingly, the technique is also being actively adopted by regular cybercriminals, not just by cyber-espionage actors. Kaspersky Lab researchers have seen it used in upgraded versions of Trojans, including Zerp, ZeusVM, Kins, Triton and others. Most of these malware families generally target financial institutions and users of financial services. The latter could be a sign of the imminent mass adoption of the technique by malware authors and, as a result, of generally increased complexity of malware detection.