By: Sameer Ratolikar
With rising digitisation and increasing financial transactions over the internet, bank customers are exposed to various threats on a daily basis. Many a times they may be hit by something even without being aware of it and one such threat that is growing is malicious Steganography that may compromise your data privacy relating to your bank account.
What is Steganography?
Steganography comes from the Greek words; ‘Steganos’, which means concealed or hidden and ‘Graphein’, meaning written form. The art and science of hiding information by embedding messages within other seemingly harmless messages is called Steganography. It works by hiding information which can be plain text, cipher text, or even images in regular computer files (such as graphics, sound, text, HTML).
How does malicious Steganography work? How does it affect a system?
In an effort to infect any machine with malware, attacker may hide the malicious code within a legitimate looking file with the objective of executing the malware and getting control over target machine. Digital Steganography applications can be used to steal sensitive information by sending the information to fraudster outside the organisation. For instance, if someone was trying to steal data, they could conceal it in another file or files and send it out in an innocent looking email or file transfer.
How can it impact data privacy?
In today’s digitally connected world, financial transactions are also happening through various digital platforms, like PCs, laptops and devices. It is, therefore, imperative for users to be aware about malicious Steganography. For example, if one is carrying out a financial transaction from his PC or laptop and the same is being used to download songs or movies from an unknown source, without necessary measures like installing updated and licenced anti-virus or anti-malware software, then one is exposed to such threats. So it is advisable not to download from an untrusted source or opening unknown file extensions. Also, installing licenced anti-virus or anti-malware software and timely updates of the same helps provide protection against incidents like malicious Steganography. One must also avoid carrying out financial transactions from an untrusted third party device.
Is the trend increasing?
Cybercriminals use Steganography techniques to encode commands into pictures or crafted Web pages to smuggle malware through firewalls into the system under attack. These control commands then order a victim’s computer to obtain executable code from remote servers, which in turn permit an outsider to gain access to local files within the compromised network. This is not limited to geographical boundaries. Main motive of using Steganography is to hide the malicious code to break into the system and Indian users are also exposed to this threat.
How does one protect systems from malicious digital files?
Protection against malicious digital files is similar to protecting any malware/ trojan/virus. The best defense for a regular user is to periodically scan PCs for questionable software. Additionally, the following steps can be taken:
* Never open emails or download attachments from unknown senders or source.
* Installing antivirus helps. It scans every file you download and protects you from malicious files
* Enable automatic OS updates or download OS patch updates regularly to keep your operating system protected against vulnerabilities and exploits from malicious codes
* Download and use latest version of your browser.
The writer is the Chief Information Security Officer (CISO) at HDFC Bank.