The art of hiding in plain sight is something most special agents strive for, as it gives them the ability to slip in and out without drawing attention to themselves. Threat actors are doing the same thing with steganography, moving payloads into environments without anyone noticing.

Stega…what? Yeah, I know, a big word for “encapsulating” one item within another. This is useful when you want to send something but want to have it secured; obviously nobody is going to assume the funny image being passed from one person to another includes an embedded file. The downside is that this same method can be used by threat actors to get payloads onto devices, after which the payload is extracted from the wrapper and detonated on the machine.

I know this sounds like science fiction, but it’s becoming more and more prevalent on the threat landscape. The security stack BLOKWORX leverages can pick up the packages either while they are still encoded within the image or as they are being extracted and rebuilt (many times the payloads are base64-encoded and must be decoded before they are anything more than what appears to be an embedded text string).
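As an added illustration of the first of those two detection points (example code written for this edit, not BLOKWORX's tooling or code from the original post), the Python below walks a PNG's chunk list, flags any bytes appended after the IEND chunk (a well-formed PNG ends exactly there), and reports whether that tail decodes as base64. The 1x1 carrier image is constructed inline as clean test data.

```python
import base64
import binascii
import re
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
B64_ALPHABET = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    """Build one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def make_sample_png() -> bytes:
    """Constructed 1x1 grayscale PNG, used only as a clean carrier for testing."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)  # width, height, depth, type...
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")

def png_trailing_data(data: bytes) -> bytes:
    """Return every byte that follows the IEND chunk.
    A valid PNG ends at IEND, so any trailing data is itself a signal worth alerting on."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4  # chunk header + data + CRC
        if ctype == b"IEND":
            return data[pos:]
    return b""  # truncated file with no IEND: nothing trailing to report

def decode_if_base64(blob: bytes):
    """Return decoded bytes if blob is a valid base64 text string, else None."""
    s = b"".join(blob.split())  # tolerate line-wrapped base64
    if len(s) < 16 or len(s) % 4 or not B64_ALPHABET.match(s):
        return None
    try:
        return base64.b64decode(s, validate=True)
    except binascii.Error:
        return None

def scan_png(data: bytes) -> dict:
    """Report the size of any post-IEND tail and whether it decodes as base64."""
    tail = png_trailing_data(data)
    decoded = decode_if_base64(tail) if tail else None
    return {"trailing_bytes": len(tail), "base64": decoded is not None, "decoded": decoded}
```

Trailing bytes that are not base64 still get reported by size, so a hunt query can alert on the tail alone and treat a successful decode as an extra indicator.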

This is another reason why having a prevention-first solution is needed in your environment!