What Is Steganography and Its Popular Techniques in Cybersecurity?

The word steganography stems from the Greek origin “steganos” (secret) and “graphy” (writing or drawing), which loosely translates to hidden writing. It is a technique to obscure data or information within other pieces of ordinary images, audio, or video files from unwanted eyes. Only the sender and recipient will know of the existence of the embedded message, audio, or image.

Steganography Explained in Brief

People have been using ingenious ways to conceal data and information within other carrier files since ancient times. It is not a new or modern technique. Painters and artists across the globe have made use of this technique to conceal signatures and other hidden messages within their art or paintings.

Today, digital steganography is the most common way of concealing information from third parties. Embedding messages within image files on a system is a widespread steganography technique.

To put it another way, steganography is a type of obfuscation that uses images and other forms of media to conceal information and hide its presence without raising suspicions. It is different from obfuscation which intends to make the hidden message difficult to read/decode. Now, let’s understand the differences between steganography and obfuscation.

Steganography vs Obfuscation

STEGANOGRAPHY	OBFUSCATION

It is an obfuscation method to conceal images or text within a carrier (medium of hiding the information, e.g., images, audio, or video files.	Obfuscation is the process of concealing the information with the deliberate intent of making it difficult to decode or interpret the message.
Only the two parties interacting through these embedded codes will be aware of the data’s presence because it is encrypted. The hidden contents are simple texts or photos, but they are uniquely concealed.	Programming codes are obfuscated to protect sensitive data of trades, intellectual property etc., from malicious hackers. It makes it difficult for hackers to read the codes and thus prevents malicious exploits. The cryptic messages appear difficult to read and often require specialists to decipher the code.
A few steganography examples include concealing information in the file header, playing an audio track in reverse to find a secret message etc. One can also hide one’s private banking details or trade secrets in a cover image, audio, or text (source).	Some examples of obfuscation include address obfuscation, code flow obfuscation, and more. It can be an effective tool against reverse engineering. Obfuscation techniques can also bypass antivirus tools.

 

This article explains how steganography works using popular techniques and is relevant for protecting critical information from threat actors.

How Does It Work?

Steganography is a combination of science and art. It employs a variety of inventive ways across several mediums to conceal text from prying eyes. It embeds hidden messages by dropping the unwanted data in computer files like HTML, text etc., and replacing it with unreadable text or code.

Recently, we have been witnessing a considerable rise in malware attacks using steganographic techniques to encrypt messages to attack target systems.

Let’s understand how threat actors are using Steganography techniques to their advantage.

Where Is Steganography Used?

As we pointed out earlier, Steganography conceals the encrypted message or information, but it does not hide the data between the two communication parties. Hackers use steganography techniques to corrupt files, conceal malicious payloads and more. Digital steganography is a popular technique for embedding messages within a medium like an image, audio, or video and hiding it from unwanted eyes. While malicious hackers use this process to bypass security measures, they are not the only ones who use steganography techniques.

Ethical hackers, forensics examiners, spies, government security and intelligence agencies also use digital steganography tools and methods. The government carries out secret exchange of messages in the interest of national security using steganography methods as it mitigates the risk of information leakage.

Military, businesses, and educational institutions use steganography techniques as well.

To understand steganography techniques, one needs to know their diverse types as well. Let’s unravel steganography types in detail.

What Are the Various Types of Steganography Methods?

Based on the intent, there can be different steganography types.

1. Steganography in Images

Hiding information inside an image finds widespread use in digital steganography. Digital images are available in different formats, and algorithms in use also vary to hide covert information inside an image. Some of the algorithms used here are:

• Least Significant Bit Insertion
• Encrypt and Scatter
• Redundant Pattern encoding
• Masking and Filtering
• Coding and Cosine Transformation

2. Steganography in Videos

The art of concealing confidential data in video formats from unauthorized parties is video steganography. A few of the popular techniques or approaches in this type are:

• Least Significant Bit Insertion
• Real-time Video Steganography

3. Steganography in Audio

The technique of using an audio file to transmit hidden text messages or audio in an unreadable manner to third parties is audio steganography. Some common forms are:

• LSB coding
• Echo hiding
• Phase coding
• Spread spectrum
• Parity coding

3 Techniques Used in Steganography

There are multiple steganography techniques used to transmit secret information through carrier files. Let’s learn about the three popular steganography techniques.

1. Least Significant Bit

A greyscale image pixel is segregated into eight bits. The eighth or last bit is known as the Least Significant Bit, and that is why this bit serves as a carrier for hiding information or data in the image as it affects the pixel value by only one. When you change the least significant bit, the naked eye cannot perceive the change in the image as the image may only appear slightly altered. So, one cannot see or differentiate much from the image.

Hackers cleverly use this to embed malicious code in digital images and target systems. When the target downloads the carrier file, the malware is installed on their computer, giving them access to the device. The attacker can thus breach security codes and disrupt the files.

2. Palette Based Technique

Digital images become the medium for carrying malware in this steganography technique.

This technique also uses digital images as malware carriers. The attackers embed the message in palette-based images like the GIF files. Threat hunters or ethical hackers have a challenging time detecting the malware because it is encrypted and is difficult to decrypt.

3. Secure Cover Selection

This process is about finding the right block image to carry the malware. Cybercriminals compare the images they choose as the medium to the blocks of the malware. If they find an image block that matches the identified malware, they fit it into the carrier image. What we get is an identical image that carries the malware, and it’s also not detected by any threat application.

These are a few popular steganography methods that black hat hackers use to conceal their malware attacks from ethical hackers. Steganography can make the work of ethical hackers or threat hunters difficult as hackers can attack in stealth mode using these methods. However, ethical hackers can employ a few preventive measures against such attacks, like educating end-users, deployment of security patches, and updating software regularly.

Let’s learn how an ethical hacking program certification can help you understand steganography techniques and tools.

Start Your Career in Ethical Hacking With EC-Council’s C|EH Program

If you want to identify malware to prevent potential attacks, you’ll need to know the latest countermeasures tools against steganography.

Getting trained on the Certified Ethical Hacker (C|EH) program from EC-Council will equip you with the skills to detect network adversaries. You will also learn how attackers use steganographic techniques to send malware through email and digital images to target systems. By learning about the countermeasure tools, one can detect the carrier files with the hidden text or audio. So, if you are ready to start your career in ethical hacking, join the C|EH program.