Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

Defeating The Undetectable Threat

by Dr Simon Wiseman, Chief Technology Officer

Steganography and the rise of invisible financial crime

Banks and financial companies are targets of coordinated cyber-attacks as highlighted in the report by the Financial Times.

Hackers are increasingly using a new technique called steganography to conceal malicious code and get valuable data past security scanners and firewalls. Now more than ever, it is crucial for companies to re-evaluate the way they protect their data.

Dr Simon Wiseman, CTO of Deep Secure explains how hackers use this method and the ways it can be prevented or rather eliminated completely.

How is the data attacked?

A workstation on the bank network begins to poll Twitter searching for a pre-defined hashtag. When it spots the hashtag on the Twitter site, it downloads the associated image from the post. This seemingly innocuous event is actually the opening of a command and control channel that the cyber-criminal will use to infiltrate the organisation further and commit a financial crime on an industrial scale.

From the initial compromise to the final exfiltration of funds, the crime is concealed in superficially harmless images using a technique called steganography. It’s a classic e-heist, with a twist. It evades detection completely and that’s the problem the world’s banking and financial institutions are facing.

What is steganography?

Steganography from (Greek steganos, or “covered,” and graphie, or “writing”) is the hiding of a secret message within an ordinary message and the extraction of it at its destination. There are many ways of achieving this which cyber-trespassers use to their advantage. To take one example, hidden content could be encoded in an image using subtly different shades of colour – invisible to the naked eye – that when decoded reveal an entire customer database. Put the original and the compromised image side-by-side and one would not tell them apart, but the latter is worth millions.

How big is the problem?

Unlike cryptography where the presence of some concealed content can be detected but not understood, steganography makes it impossible to detect the presence of hidden content. That’s what makes it such a threat. Steganography is not new and has been used to conceal data for years. But it is the increasing use of image steganography as a vector for the infiltration of malware and/or the exfiltration of valuable data from a protected network that is worrying.

The popularity of image steganography amongst cyber-attackers is on the rise – malware exploit kits and malware-as-a-service offerings now include steganography as standard – and the reason for this is very simple: image steganography is easy to implement and virtually undetectable, making it highly attractive. After all, why would organised crime be bothered playing cat and mouse with cyber-defences anymore when they can move to an easier method?

Combatting an undetectable financial crime

While some reasonably amateurish types of concealment using steganography can be detected (albeit at the expense of a lot of false alarms), the professional cyber-invader is using image steganography in a way that is completely invisible to both the eye and to analysis.

Of course, businesses can employ some basic hygiene precautions to try to limit the threat. For example, if the network allows the use of social media, it will pay to keep it well away from sensitive data and systems. However, the most important step to take is to start thinking that detection is not the answer to this particular problem.

There is no point in trying to detect image steganography. A company has to look to employing a defence that will eliminate its hiding places by removing and replacing redundant data in images.

Content Transform

In March 2018 industry analyst Gartner published a report entitled “Beyond Detection: 5 Core Security Patterns to Prevent Highly Evasive Attacks”. In the findings, the author drew attention to Content Transform as key to building defences against threats like image steganography.

Deep Secure uses Content Transform in its Stegware Threat Removal platform to extract only the necessary business information from images crossing the network boundary. The data carrying the information is discarded, so redundant data is removed and replaced along with any threat. Brand new images are then created and delivered to the user. Nothing travels end-to-end but safe and digitally pure content. Attackers cannot get in and the threat of concealed exploits is destroyed.

A recent study found that the size of the average web page has quadrupled in the last six years and 67% of that page is now comprised of images. Twitter has 330 million monthly active users and much of what they share are images. Little wonder that cyber-criminals can see the opportunity for committing financial crime using this technique.

Content Transform is a way to get and stay ahead of these attackers as it eliminates threats and leaves no opportunity for evasion techniques to be developed. Done correctly the result of this approach can be termed ‘Content Threat Removal’ (CTR) because that’s exactly what it does.