You might think of hacking as something that exists distinctly within the world of computer technology. But some of the most common tricks in the cybercriminal’s playbook predate even the first computers, sometimes by thousands of years.
Social engineering, for example, requires only the ability to trick another person in to giving up secret information. The Trojan horse, a notorious intrusion technique, takes its name from the Trojan war of ancient Greece.
Stegware is another example of age-old deception tactics applied to modern technology. It’s a method that’s involved in about 35% of attacks and growing. So it’s something you’ll want to make sure you understand as you prepare your cyber defenses.
Stegware takes its name from the term “steganography,” which involves hiding something within something else – for instance, a hidden message within an image. Even using invisible ink is a form of steganography.
Think of stegware as a modern-day version of this tactic. It’s an approach to distributing malicious code without discrete files for that code. That is, instead of making up their own files, the malware that attackers deploy is hidden inside of seemingly safe files. In a currently popular attack method, hackers embed malicious code in to a .png file, which they then distribute through social media platforms.
Stegware attackers, which are the “smugglers” of the hacking world, require attention to thwart. Here are a few approaches to consider in your plan:
- Network separation: These days, employees typically have access to social media accounts. However, that doesn’t mean that this access needs to be granted on the same networks housing critical data and resources.
- Monitoring encrypted traffic: Hackers take advantage of encrypted channels to send attacks of this type. Shut them down by analyzing the traffic coming through them.
- Layering your security: Don’t put all your eggs in one basket and count on protecting one level of breach. Invest in protections at multiple points of data transfer.
In general, the best approach is to act under the assumption that hackers have already breached your security, and focus on shutting them out of critical information systems. Lunarline is uniquely qualified to assist your organization with these efforts.
For more information on how we can help, contact us online today.