Beware of Stegosploit, an Uncommon but Dangerous Threat
Consider uncommon steganographic attacks such as Stegosploit, which is now targeting industrial firms. This malware variant made a name for itself three years ago before vanishing from view, and its comeback is catching cybersecurity departments by surprise.
While the name Stegosploit may sound like a dinosaur, it is actually a type of malware that uses doctored images to do its work. Malicious code is embedded in an image file, such as a .JPG, which is then attached to an email. When the file is opened, the embedded code executes and can bypass existing security controls. For attackers, the benefit of hiding in plain sight is that many spam filters will not catch the modified image, allowing it to slip easily through post-secondary institutions' network defenses.
It is precisely the fact that steganographic attacks do not happen often that makes them dangerous. Schools are simply not on the lookout for this type of malware.
According to Brian Kelly, director of the cybersecurity program at EDUCAUSE, higher education institutions should be prepared for uncommon attacks like Stegosploit. “Colleges and universities need to be aware of and track emerging attack vectors in order to successfully block threats and protect their networks against steganography-based threats,” he says.
Simple Ways to Protect Networks from Emerging Threats
Colleges and universities are seeing more mature attacks in which foreign threats are not only stealing and reselling data but also hoping to cause political unrest.
Vince Kellen, CIO for University of California San Diego, says his school “is seeing more activity from sophisticated attackers related to state actors from China, the Middle East and Russia.”
“For the vectors coming from China, the attackers are interested in intellectual property at U.S. universities, including that related to COVID-19 research,” he says.
Kellen also speaks to the rise of fake COVID-related websites. “While these include mostly phishing campaigns in emails, we are also seeing far better fake sites that look just like the commercial website and can trick people into thinking they’re visiting a safe site,” he says.
For his part, Kelly offers five recommendations to prevent advanced phishing attacks and other emerging threats, such as Stegosploit:
- Use shared threat intelligence to stay up to date with steganographic and other emerging threats. Share threat intelligence with your peers.
- Block known steganographic and fake COVID-themed message traffic.
- Observe and test for suspected phishing and steganographically obscured malware.
- Inspect applications and other code that might conceal malicious content.
- Expedite and prioritize vulnerability patches, updates, and policy controls.
How to Address the COVID-19 Attention Deficit
Kellen highlights the biggest problem with evolving attack vectors: a decrease in attention. “Since everyone is thinking about COVID nearly all the time now, attackers are taking advantage of that shift in attention,” he says. As teams focus on mainstream attacks, those on the fringes have unprecedented opportunities to find potential weak points.
But there are simple solutions to this. Kellen notes the steps required for effective IT security “are well-known and well-documented for both less common and the most common forms of attack.”
The most important techniques usually include multifactor authentication, quick patching, modern password practices and monitoring networks and systems for suspicious activity. “Using tools to potentially identify phishing and stop it are the most important techniques we have to protect us,” Kellen says.
Kellen also makes it clear that the challenge here is behavioral discipline. As a result, post-secondary schools must deploy a combination of technical controls and regular training to ensure both ends of the IT spectrum — people and processes — are protected from common and uncommon attacks.
Colleges and universities remain popular targets for malicious actors. Whether this means facing common threats such as ransomware, COVID-19-themed phishing attacks or less common image exploits, post-secondary schools must prioritize a big-picture approach that delivers both solid behavioral education and sophisticated network protections.