Millions Possibly Affected by Newly Discovered Stegno Malvertising Campaign

When it comes to deception, cybercriminals have many options at their disposal. There’s phishing, where crooks posing as an authority figure attempt to trick victims into giving up sensitive information. There’s man-in-the-middle, where cybercriminals intercept traffic on a public or easily-accessed Wi-Fi network. But there’s one method of deception that’s exceptionally ingenious, and is a new play on an old trick.

The method in question is called “steganography,” a technique used to hide secret messages in plain sight, often within a document or picture. By embedding code into images, and passing the corrupt image off as something innocuous as, say, internet banner ads, cybercriminals are easily able to execute code on vulnerable systems. And they are.

Cybersecurity researchers have discovered a two-year long cybercriminal campaign using steganography techniques on some of the most popular websites in the UK, Australia and Canada. The long-lasting attack delivered corrupt images through online ad networks for news sites like Channel 9, Sky News and more, according to The Register. If vulnerable, readers may have been infected with malware capable of collecting keystrokes, footage from webcams, and account or email credentials. It’s a method as effective as it is troublesome, since it takes advantage of often ignored, but prominent and critical, services for news websites. Those services: ad networks.

Ad networks facilitate the delivery of ads for news websites. While some networks screen ads for malicious activities, most do not. This may be how some malicious advertisements, or malvertisements, often wind up affecting millions of site visitors.

But the newly discovered malvertising campaign, dubbed “Stegno” by its discoverers, is different. Its malicious code is well hidden in an image’s pixels, making it difficult for even competent or advanced ad networks to detect. It covers its trails well, executing itself only after it verifies a user isn’t running a virtual machine, security software or actively collecting data packets in order to better hide from cybersecurity researchers.

Still, despite its advanced techniques, Stegno can only infect users if they meet certain criteria. Namely, the victim’s computer needs to run a vulnerable version of both Internet Explorer and Adobe Flash, Ars Technica reports. Both applications have patches designed fix the abused vulnerabilities. Still, Stegno could afflict millions of users across the globe.

Stegno is effective because it preys on the some of the most common assumptions when it comes to the digital world today: that users don’t need to update their devices; that (some) ad networks don’t need to carefully screen their ads; and that cybersecurity researchers can detect all malware while taking known, standardized precautions to run a “clean” computer for security research purposes. Sometimes these assumptions carry validity, but most of the time they ignore the necessary investments we need to make in online security.

So what can you do to protect yourself from sophisticated malvertising campaigns like Stegno? Here are a few tips:

  • Keep your software up to date. Campaigns like Stegno depend on unprotected, unpatched systems. In order to ward off infections, and to make sure you’re running the latest and most secure system you can, make sure you update your software as soon as an update is available. Today’s operating systems often include an auto-update feature. If you can, try to keep it active.
  • Use an ad-blocker (judiciously). Ads have crossed the threshold from mundane to worrisome. It may be worthwhile to invest in an ad-blocker program in order to ward off malware and malvertisements. There is, however, a moral issue to consider: many news websites depend on successfully delivered ads to operate — so if you enjoy a publication’s work and want to support them, consider either “whitelisting” their website or see if they offer a subscription-based ad-free experience.
  • Always use a comprehensive security solution. Finally, you’ll need a comprehensive security solution that scans and protects you from the worst of the Web. Solutions like McAfee LiveSafe™ are a worthwhile investment for those looking to protect all of their devices from the internet’s various maladies, like Stegno. As always, do your due diligence and make sure the solution you invest in matches your goals and your digital lifestyle.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @IntelSec_Home on Twitter, and ‘Like’ us on Facebook.

gary

Leave a Comment

13 + 18 =