Steganography (pronounced: steh·guh·naa·gruh·fee) is the technique of hiding data within an ordinary, non-secret file or message in order to avoid detection. Steganography can be combined with encryption as an extra step for hiding or protecting data. It can be used to conceal almost any type of digital content, including text, image, video or audio content, and the hidden data can be placed inside almost any other type of digital content.
In modern digital steganography, data is often encrypted and then inserted, using a special algorithm, into data that is part of a particular file such as a JPEG image, audio, or video file. The secret message can be embedded into ordinary data files in many different ways. One technique is to hide data in bits that represent the same color pixels repeated in a row in an image file. When the encrypted data is applied to this redundant data in some inconspicuous way, the result is an image file that appears identical to the original image but that has “noise” patterns of regular, unencrypted data.
The practice of adding a watermark, a trademark or other identifying data hidden in multimedia or other content files, is one common legitimate use of steganography. Watermarking is a technique often used by online publishers to identify their own source material in media files that have been found shared without their permission.
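To make the embedding idea concrete, here is an added example (not from the original article) that hides a short watermark in a row of identical-color pixels. It uses least-significant-bit embedding, a common textbook variant chosen for illustration rather than the exact algorithm described above; the pixel values, the watermark text and all function names are constructed assumptions.

```python
import struct

def _bits(data: bytes):
    """Yield the bits of data, most significant bit first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1

def embed(cover: bytes, payload: bytes) -> bytes:
    """Store a 4-byte length header plus payload in the low bit of each cover byte."""
    message = struct.pack(">I", len(payload)) + payload
    if len(message) * 8 > len(cover):
        raise ValueError("cover too small for payload")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(message)):
        stego[i] = (stego[i] & 0xFE) | bit   # only the lowest bit changes
    return bytes(stego)

def _read(stego: bytes, start: int, count: int) -> bytes:
    """Rebuild count bytes from the low bits beginning at byte offset start."""
    out = bytearray()
    for b in range(count):
        value = 0
        for i in range(8):
            value = (value << 1) | (stego[start + b * 8 + i] & 1)
        out.append(value)
    return bytes(out)

def extract(stego: bytes) -> bytes:
    """Read the length header, then return the embedded payload."""
    (length,) = struct.unpack(">I", _read(stego, 0, 4))
    if 32 + length * 8 > len(stego):
        raise ValueError("no valid payload header")
    return _read(stego, 32, length)

def max_delta(a: bytes, b: bytes) -> int:
    """Largest per-byte difference between two equal-length pixel buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

# Constructed sample: 64 identical pixels in a row, 3 bytes (R, G, B) each.
COVER = bytes([70, 130, 180]) * 64
MARK = b"(c) Example Press"          # constructed watermark text
STEGO = embed(COVER, MARK)

if __name__ == "__main__":
    print(extract(STEGO), max_delta(COVER, STEGO), STEGO == COVER)
```

No color channel moves by more than one step out of 256, which is why the marked image looks identical to the eye. The low bits of the formerly uniform row now vary, and the file no longer matches the original byte for byte, so comparison against a known-good copy still reveals the change.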
Illegitimate uses of steganography include hiding illegal pornographic content inside innocuous image files, transporting malware hidden inside otherwise safe files, or exfiltrating stolen intellectual property from a company inside harmless-looking image files.
Additional Reading: Malware Delivery Reboot through Steganography
What does this mean for an SMB?
For the average SMB, steganography does not pose a quantifiable risk to the organization. Discovering steganographic file usage is incredibly difficult and expensive, and it does not often reveal what was encrypted and embedded within the files in question. Since most SMBs have many much larger holes through which their data can flow, it is advisable simply to be aware that this technology and technique exist. SMBs should focus their very limited resources on the largest risks they face: a lack of employee training on common attack vectors like phishing, and weak or poor password hygiene. Address these two critical issues and your SMB will have addressed the two largest risks involved in, by some accounts, 92% of all SMB breaches.