What's the Deal with Stegomalware? : The Techniques, Challenges, Defence and Landscape

Sammanfattning: Stegomalware is the art of hiding malicious software with steganography. Steganography is the technique of hiding data in a seemingly innocuous carrier. The occurrence of stegomalware is increasing, with attackers using ingenious techniques to avoid detection. Through a literature review, this thesis explores prevalent techniques used by attackers and their efficacy. Furthermore, it investigates detection techniques and defensive measures against stegomalware. The results show that embedding information in images is common for exfiltrating data or sending smaller files to an infected host. Word, Excel, and PDF documents are common with phishing emails as the entry vector for attacks. Most of the common Internet protocols are used to exfiltrate data with HTTP, ICMP and DNS showed to be the most prevalent in recent attacks. Machine learning anomaly-based detection techniques show promising results for detecting unknown malware, however, a combination of several techniques seems preferable. Employee knowledge, Content Threat Removal, and traffic normalization are all effective defenses against stegomalware. The stegomalware landscape shows an increase of attacks utilizing obfuscation techniques, such as steganography, to bypass security and it is most likely to increase in the near future.