The Threat of Digital Steganography-cloaked Malware to U.S. Critical Infrastructure Systems

Ian Barwise
Feb 9, 2024

Note: This article was originally published by the author on August 31, 2018.

What is digital steganography, you may be asking, and why should you care about it? The short answer is that sometimes what you cannot see can hurt you, and badly. Badly to the extent that hidden malware could seriously cripple many of the U.S. Critical Infrastructure Information Systems (IS), something that our adversaries such as Russia, China, North Korea, and Iran would likely enjoy watching.

Cyberspace, referred to as the fifth domain by NATO, can be a dangerous place. A lot goes on behind the scenes in the network processes and protocols running silently in the background across networks, and you may not be aware of it; some of it, as recent news headlines have demonstrated, is nefarious in nature. Case in point: digital steganography, which is essentially a technique used to hide information in plain sight. It involves various digital compression algorithm techniques that allow data to be segmented and that slightly modify binary-level bits of data, just enough so as not to alter the carrier file's integrity.

A simple example of Least Significant Bit (LSB) digital steganography is for the steganography application to substitute the…
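The following is an added example, not code from the original article. It goes one step beyond the text to show what LSB substitution looks like to a defender: each carrier byte changes by at most 1, yet the carrier's SHA-256 digest differs from a known-good copy, and a pairs-of-values chi-square statistic over the byte histogram collapses. The carrier bytes, the payload bits and all function names are constructed for illustration.

```python
import hashlib
from collections import Counter

def constructed_carrier(n=4096):
    # Constructed stand-in for raw pixel bytes: 64 value pairs, about 20% odd values.
    return bytes(((i * 7) % 64) * 2 + (1 if i % 5 == 0 else 0) for i in range(n))

def constructed_payload_bits(n_bits):
    # Constructed stand-in for an encrypted payload: a SHA-256 chain, one bit per entry.
    out, block = [], b"constructed-seed"
    while len(out) < n_bits:
        block = hashlib.sha256(block).digest()
        out.extend((byte >> k) & 1 for byte in block for k in range(8))
    return out[:n_bits]

def lsb_substitute(carrier, bits):
    # LSB substitution: clear the lowest bit of each byte, then set it to a payload bit.
    stego = bytearray(carrier)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit
    return bytes(stego)

def max_byte_delta(a, b):
    # Largest per-byte difference between two equal-length buffers.
    return max(abs(x - y) for x, y in zip(a, b))

def digest_changed(a, b):
    # A hash comparison against a known-good copy flags any modification at all.
    return hashlib.sha256(a).digest() != hashlib.sha256(b).digest()

def pair_chi_square(data):
    # Pairs-of-values statistic: LSB substitution pushes the counts of 2k and 2k+1
    # toward equality, so a low value on a normally skewed source is a warning sign.
    hist, stat = Counter(data), 0.0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        if even + odd:
            expected = (even + odd) / 2
            stat += (even - expected) ** 2 / expected
    return stat

if __name__ == "__main__":
    clean = constructed_carrier()
    stego = lsb_substitute(clean, constructed_payload_bits(len(clean)))
    print("max per-byte change:", max_byte_delta(clean, stego))
    print("SHA-256 changed:", digest_changed(clean, stego))
    print("chi-square clean / stego:", pair_chi_square(clean), pair_chi_square(stego))
```
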
