×
< BLOG
Cyber Security

Cybersecurity Mindful Moments by Tara Lemieux

February 7, 2023

season 1 | episode 3


Question: What do you see here?

At first glance, it appears to be an image of a peony, perhaps from my own garden (and therefore, of far finer value).

But, what if I told you *this* fine flower served a dual, and likely nefarious purpose? Would you believe me? Or, would you not even think to ask or scan?

Images just like this are being deployed in unprecedented volume across social media networks where they are liked, retweeted, shared, downloaded, and sent to friends, family, and others you may wish to uplift.

Steganography is the practice of hiding secret messages or data within other, seemingly innocuous digital media, such as images, audio files, or even executables. The goal of steganography is to conceal the presence of the message itself, so that it remains hidden and undetected even if the containing file is intercepted and examined.

In recent years, steganography has become a popular technique for cyber operations targeting the United States, as it provides a way for threat actors to bypass traditional security controls and deliver malicious payloads directly to their intended targets. The technique is especially useful for attackers who wish to evade detection by law enforcement and cybersecurity organizations, as the payloads themselves are embedded within seemingly benign files and are often indistinguishable from ordinary digital content.

There are many different ways that steganography can be employed, depending on the goals and objectives of the attacker. Some common methods include:

– Embedding hidden data within the metadata of a file, such as the file header or footer.
– Hiding data within the least significant bits of an image file, which can be used to store a secret message or to control the execution of malware.
– Encrypting the payload using a secret key and embedding the encrypted data within a larger file.
– Using specialized software tools, such as steganography utilities, to embed the payload within the digital media.

Most of which can be done online using free tools and services, making it an even more enticing lure for threat actors and criminals.
For this lovely peony, it has been encrypted with a secret message (though, it could have EASILY been a more sophisticated payload capable of taking control over your device while capturing all of your data).

The message reads,

“There will come a time when it isn’t ‘They’re spying on me through my phone’ anymore. Eventually, it will be ‘My phone is spying on me’.

– Philip K. Dick

I think we are already there, btw.

What do you think?

subscribe by email

Stay Ahead