What makes great art, whether it be in literature, painting, film, or photography, so challenging and valuable that it seems to be out of our realm of understanding? In any such art, there is more to it than meets the eye. Whether these artists hid some messages for the generations in their art is beyond our knowledge.
As the world transitioned into the digital age, we began to use this technique to communicate a lot of information in a single image. Consider the QR code, a little square that contains a wealth of data. How frequently do you ever scan the QR code that is included with your favorite snack or water bottle?
In the digital era, images are still one of the most commonly used methods of concealing data. It is less suspicious to conceal data inside digital images commonly exchanged between Internet users. Like the two sides of a coin, We also have another side to this strategy that hackers have mastered. Hackers recently have surfaced with this age-old technique but remixed it to suit this generation by hiding the code in an image.
Who are these hackers?
Witchetty, a cyber-espionage gang and a sub-group of the China-linked TA410 group (aka APT10), has been found using new tools in assaults targeting Middle Eastern businesses. Witchetty (aka Lookingfrog) was first documented by ESET in April 2022.
A backdoor known as X4 was previously used by Witchetty alongside second-stage malware called LookBack.
The group’s new tools include a backdoor Trojan (Backdoor.Stegmap) that uses steganography, a seldom-witnessed technique in which malicious code is buried within a picture.
The initial access for the threat actors was gained by exploiting the Microsoft Exchange ProxyShell and ProxyLogon vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207, CVE-2021-26855, and CVE-2021-27065). This was to install the web shells on public-facing servers and then fetch the malicious file.
How can you avoid such attacks with an endpoint management and security solution?
1) Educate your employees. Though there are numerous segments of training every year, there is always one employee who clicks phishing emails that risk the entire organization.
2) Ensure your endpoint management blocks the downloads of email attachments with a feature that blocks executables.
3) The endpoint management solution should have an endpoint detection and response built in to block files from being written to the disk.
4) Ensure you’re up to date on your patches. Hackers mostly rely on last year’s vulnerabilities to breach the target network, taking advantage of the poor administration of publicly exposed, unpatched servers.
A common adage states, “Too many cooks spoil the broth.” With many agents, applications, and security solutions and processes, we think we’re safe. But we fail to understand whether all these different cooks would work together or spoil the meal. Seamless integrations between agents of different solutions are a must to have a clutter-free work environment. So why rely on “too many” solutions when one can do all the work for you?
Endpoint Central is an exhaustive solution with its own R&D team working to provide a safe and secure management solution for enterprises and businesses. Sign up for a free trial, and try Endpoint Central now!
