Hackers Now Employ Steganography To WAV Audio Files For Hiding Malware (Oct 20, 2019)
Symantec researchers reported in June this year that Waterbug APT (the Russian-based Turla Group) was exploiting WAV audio files with steganography. Cylance researchers have now discovered a campaign using a similar technique to deliver cryptominers. Using steganography, attackers can execute malicious code from a benign-looking file, evading detection. In this instance, the WAV files contain code associated with the Monero CPU miner, while others contain Metasploit code.
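A defender-side triage check added here as an illustration (not code from Symantec's or Cylance's analysis): it walks the RIFF chunk structure of a WAV file and flags two things a media player silently ignores but a scanner should not, bytes appended after the declared RIFF payload and a data chunk whose byte distribution looks encrypted or packed rather than like PCM audio. The 7.5 bits/byte threshold, the constructed fixtures and the sha256-generated stand-in blob are assumptions.

```python
import hashlib
import math
import struct
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def inspect_wav(blob: bytes, entropy_threshold: float = 7.5) -> dict:
    """Walk the RIFF chunk list and report structural and statistical oddities."""
    if len(blob) < 12 or blob[:4] != b"RIFF" or blob[8:12] != b"WAVE":
        raise ValueError("not a RIFF/WAVE file")
    rep = {"chunks": [], "trailing_bytes": 0, "data_entropy": 0.0, "findings": []}
    declared_end = 8 + struct.unpack("<I", blob[4:8])[0]
    # Players stop at the declared RIFF size; bytes after it still travel with the file.
    rep["trailing_bytes"] = max(0, len(blob) - declared_end)
    if rep["trailing_bytes"]:
        rep["findings"].append("bytes appended after the RIFF payload")
    pos = 12
    while pos + 8 <= min(declared_end, len(blob)):
        cid = blob[pos:pos + 4]
        size = struct.unpack("<I", blob[pos + 4:pos + 8])[0]
        body = blob[pos + 8:pos + 8 + size]
        rep["chunks"].append((cid.decode("ascii", "replace"), size))
        if cid == b"data":
            # Real PCM rarely uses all 256 byte values evenly; encrypted or packed content does.
            rep["data_entropy"] = shannon_entropy(body)
            if rep["data_entropy"] > entropy_threshold:
                rep["findings"].append("data chunk entropy is in the encrypted/packed range")
        elif cid not in (b"fmt ", b"LIST", b"fact"):
            rep["findings"].append(f"unexpected chunk {cid!r}")
        pos += 8 + size + (size & 1)  # RIFF chunks are word-aligned
    return rep

def build_wav(samples: bytes, extra: bytes = b"") -> bytes:
    """Constructed fixture: 8-bit mono 8 kHz PCM WAV, optionally with bytes appended past the RIFF payload."""
    hdr = struct.pack("<4sI4s4sIHHIIHH4sI", b"RIFF", 36 + len(samples), b"WAVE",
                      b"fmt ", 16, 1, 1, 8000, 8000, 1, 8, b"data", len(samples))
    return hdr + samples + extra

def demo() -> dict:
    """Constructed inputs: a quiet tone, plus a sha256-derived blob (stand-in for an encrypted payload) appended to it or replacing it."""
    tone = bytes(128 + int(20 * math.sin(i / 10)) for i in range(2000))
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    return {"clean": inspect_wav(build_wav(tone)),
            "appended": inspect_wav(build_wav(tone, extra=blob)),
            "replaced": inspect_wav(build_wav(blob))}
```

This is a triage heuristic, not a detector: a payload hidden in the least-significant bits of otherwise normal samples barely moves the entropy, and compressed (non-PCM) audio is legitimately high-entropy, so pair it with the behavioural and network monitoring recommended for this threat.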
Recommendation: Threat actors are always adapting to the security environment to remain effective. New techniques can still be spotted with behavioural analysis defenses and social engineering training. Ensure that your company's firewall blocks all entry points for unauthorized users, and maintain records of how normal traffic appears on your network; this makes it easier to spot unusual traffic and connections to and from your network and to identify potentially malicious activity. Furthermore, ensure that your employees are educated about the risks of opening attachments, particularly from unknown senders, and of any attachment that requests macros be enabled.