
A Picture is Worth a Thousand Threats: Using Steganography to Deliver Malware Past Secure Web Gateways

‘Last Mile Reassembly Attacks’ evade every Secure Web Gateway in the market and deliver known malware to the endpoint

At DEF CON 32, SquareX showcased more than 30 vulnerabilities in Secure Web Gateways (SWGs), exposing how these widely trusted solutions fail to detect client-side web threats. Once seen as the cornerstone of enterprise security, SWGs are now showing their limitations in defending against a growing category of client-side web attacks that operate beyond their reach. Collectively, these attacks are called ‘Last Mile Reassembly Attacks’.

Among the various attack methods discussed, image steganography stood out, capturing significant attention from the audience.

What is Steganography?

Steganography is the practice of concealing information within another medium in a way that hides the very existence of the hidden data. Unlike encryption, which scrambles the data to make it unreadable without a decryption key, steganography keeps the data intact but embeds it in a manner that makes it appear innocuous.

Historically, steganography has been used for secret communication, dating back to ancient times. For example, ancient Greeks would write hidden messages on wooden tablets and cover them with wax, or use invisible ink to transmit information without raising suspicion. In modern times, digital steganography hides data in digital media such as images, audio files, or videos, taking advantage of the large data capacity of these formats to store hidden information without significantly altering the appearance or quality of the carrier file.

Image steganography is a technique used to hide data within an image file in such a way that it is imperceptible to the human eye. The hidden data, which can be text, files, or even malicious code, is embedded into the image’s pixels or metadata without significantly altering its appearance. This allows the image to look unchanged, even though it contains concealed information.

The most common method used for image steganography is the Least Significant Bit (LSB) technique, where the least significant bits of the image’s pixel values are replaced with the data to be hidden. Since the human eye is not sensitive enough to detect these minor changes, the image appears normal, while carrying the hidden message or file.

Image steganography is generally used for purposes like covert communication, secure data transmission, or digital watermarking. However, it has also become a tool for cybercriminals to deliver hidden malware or malicious code through seemingly harmless images. Once these images bypass security measures, the concealed data can be extracted and used for harmful purposes.

Attackers are embedding malware in JPEGs and PNGs and smuggling it through Secure Web Gateways.

Here’s how it works: a cybercriminal embeds malware into an image, which is then delivered via email attachments, downloads, or even social media posts. Most SWGs do not scan images for these attacks, so the image is delivered freely to the victim. Once the image reaches the client side, the malware is extracted with JavaScript, allowing the attacker to execute their payload and gain access to the victim’s device.

As SWGs struggle to detect threats hidden within media files, enterprises and consumers remain vulnerable. To combat these attacks, organizations need advanced detection methods that analyze the content and context of every file entering their network. That’s a huge ask, and an incredibly expensive one.
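As an added example that is not part of the SquareX post, the script below first demonstrates the LSB technique described in the ‘What is Steganography?’ section on a constructed 64x64 grayscale cover, then applies two defender-side checks of the kind a content-scanning gateway or browser-side scanner would need: the entropy of the image’s LSB plane (near zero for a smooth rendered graphic, approaching eight bits per byte once a compressed or encrypted payload has been written into it) and a scan for bytes appended after a PNG’s IEND chunk, a common place to stash data in a file’s “metadata”. Every function name (`make_cover`, `lsb_embed`, `lsb_plane_entropy`, `png_trailing_bytes` and the rest) and all sample data are hypothetical; the payload is a stand-in blob built from SHA-256 digests, not malware. Standard library only.

```python
"""Added example, not code from the SquareX post.  Synthetic cover image,
stand-in payload, standard library only.  All names are hypothetical."""
import hashlib
import math
import zlib

WIDTH, HEIGHT = 64, 64
PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def make_cover():
    """Constructed cover: a blocky 8x8-tile gradient, like a rendered logo or
    screenshot.  Every pixel is a multiple of 16, so the LSB plane is all zero."""
    return [((x // 8) * 16 + (y // 8) * 16) & 0xFF
            for y in range(HEIGHT) for x in range(WIDTH)]


def make_payload():
    """Constructed stand-in for an encrypted/compressed blob (384 bytes).
    Built from SHA-256 digests so it is near-uniform, as real payloads are."""
    return b"".join(hashlib.sha256(bytes([i])).digest() for i in range(12))


def lsb_embed(pixels, payload):
    """The LSB technique from the post: overwrite the lowest bit of successive
    pixels with the payload bits.  A 4-byte big-endian length prefix tells the
    extractor where the payload ends.  No pixel value changes by more than 1."""
    framed = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> (7 - i)) & 1 for byte in framed for i in range(8)]
    if len(bits) > len(pixels):
        raise ValueError("payload does not fit in the cover")
    stego = list(pixels)
    for idx, bit in enumerate(bits):
        stego[idx] = (stego[idx] & 0xFE) | bit
    return stego


def _read_lsb_bytes(pixels, start_bit, count):
    """Pack the LSBs of pixels[start_bit:] into `count` bytes, MSB first."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (pixels[start_bit + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)


def lsb_extract(pixels):
    """Reverse of lsb_embed: read the length prefix, then that many bytes."""
    length = int.from_bytes(_read_lsb_bytes(pixels, 0, 4), "big")
    return _read_lsb_bytes(pixels, 32, length)


def lsb_plane_entropy(pixels):
    """Defender check 1: Shannon entropy (bits/byte) of the LSB plane packed
    8 bits per byte.  Smooth rendered graphics score near 0; a hidden
    compressed or encrypted payload pushes the score toward 8.  Heuristic:
    noisy photographs also score high, so use it alongside other signals."""
    packed = _read_lsb_bytes(pixels, 0, len(pixels) // 8)
    counts = {}
    for byte in packed:
        counts[byte] = counts.get(byte, 0) + 1
    n = len(packed)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def png_chunk(kind, body):
    """Build one PNG chunk: length, type, body, CRC-32 over type+body."""
    crc = zlib.crc32(kind + body) & 0xFFFFFFFF
    return len(body).to_bytes(4, "big") + kind + body + crc.to_bytes(4, "big")


def make_png_with_trailer(trailer):
    """Constructed 1x1 grayscale PNG with arbitrary bytes appended after IEND."""
    ihdr = (1).to_bytes(4, "big") + (1).to_bytes(4, "big") + bytes([8, 0, 0, 0, 0])
    idat = zlib.compress(b"\x00\x00")  # one filter byte + one pixel
    return (PNG_SIGNATURE + png_chunk(b"IHDR", ihdr) + png_chunk(b"IDAT", idat)
            + png_chunk(b"IEND", b"") + trailer)


def png_trailing_bytes(data):
    """Defender check 2: walk the chunk list and return how many bytes follow
    the IEND chunk.  Decoders ignore them, so any non-zero count is a flag."""
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIGNATURE)
    while pos + 8 <= len(data):
        length = int.from_bytes(data[pos:pos + 4], "big")
        kind = data[pos + 4:pos + 8]
        pos += 12 + length  # length + type + body + crc
        if kind == b"IEND":
            return len(data) - pos
    raise ValueError("truncated PNG: no IEND chunk")


if __name__ == "__main__":
    cover = make_cover()
    stego = lsb_embed(cover, make_payload())
    print("cover LSB entropy: %.2f bits/byte" % lsb_plane_entropy(cover))
    print("stego LSB entropy: %.2f bits/byte" % lsb_plane_entropy(stego))
    print("payload round-trips:", lsb_extract(stego) == make_payload())
    print("trailing bytes:", png_trailing_bytes(make_png_with_trailer(b"\x00" * 37)))
```

The entropy check is deliberately simple: it separates a clean rendered graphic from the same graphic carrying a near-random payload, but a noisy photograph has a high-entropy LSB plane on its own, so in practice it is one signal among several (per-format structure checks such as the IEND scan, known extractor code in the page’s scripts, and, as the post argues, watching the client-side reassembly step in the browser).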

Alternatively, enterprises can consider a browser-native security solution, where malicious content is detected at the last mile: the web browser. This is a far more scalable and efficient approach, as the malware is detected and blocked before it is written to the victim’s disk.

Assess your Secure Web Gateway

Similar to smuggling malware through image steganography, there are more than 30 attacks that bypass all Secure Web Gateways. Check if your enterprise is vulnerable to them at https://browser.security/


A Picture is Worth a Thousand Threats: Using Steganography to Deliver Malware Past Secure Web… was originally published in SquareX Labs on Medium.

*** This is a Security Bloggers Network syndicated blog from SquareX Labs - Medium authored by Engineering @ SquareX. Read the original post at: https://labs.sqrx.com/a-picture-is-worth-a-thousand-threats-using-steganography-to-deliver-malware-past-secure-web-42c07d61c36a?source=rss----f5a55541436d---4