Blog

Europol report on encryption

A recently published report, jointly produced and released by Europol and Eurojust, offers an update on a relevant and interesting subject for all stakeholders of SIMARGL, a project in which CUING participates. The second report of the Observatory Function on Encryption is aimed at law enforcement, judiciaries and policy makers as a reference source on the latest technical and legislative developments around encryption.

This paper builds on the objectives of the first report, released in Jan 2019, to provide an overview of the state of play on encryption from the perspective of the law enforcement and judicial communities. The current environment in which criminals are able to exploit encryption and other security vulnerabilities remains challenging for the judicial and law enforcement authorities of EU Member States, the report authors emphasise.

A common steganographic technique

In Part 1, we gave an overview of the growth of stegware (steganography malware) and how security experts underestimate its use as an attack vector. In this blog we look at the ways stealthy stegware is delivered and how this dangerous threat can be so difficult to detect.

In its simplest form, stegware is concealed inside seemingly innocuous digital images. In the burgeoning digital era, cyber attackers used the increasingly multimedia-driven content of the internet to their advantage to conceal their secret code within public images.

The rise of stegware: 2011 to 2019

Steganography in malware, known as stegomalware or stegware, is stealthily increasing in popularity as attackers diversify in an effort to fly under the radar, with their malicious code hidden from view in parasitic fashion. Malware authors continue to display versatility in devising new techniques, and re-inventing existing ones, in the hunt for ways to hide their malicious wares.

Malware writers are bringing the ancient practice of steganography up to date by masking malicious code in pictures, videos and other seemingly harmless types of image files. Many of these types of files are considered to be a low security risk and are often overlooked for further analysis. This has provided an ideal gateway of opportunity for would-be cyber attackers and for the concealment of malicious code.

SIMARGL team

CUING is pleased to announce its involvement in the SIMARGL project, which launched on the 1st of May 2019. SIMARGL stands for Secure Intelligent Methods for Advanced Recognition of Malware and Stegomalware. It is a three-year project funded by the European Union's Horizon 2020 research and innovation programme.

This week, we attended the SIMARGL kick-off meeting at FernUniversität in Hagen, Germany. Some exciting ideas were discussed about how SIMARGL can best combat the pressing problem of malware.

CUING's role within the project is to provide expertise on stegomalware and information hiding methods, as well as to develop a training programme which can ensure that the project's results are effectively disseminated to SIMARGL's end users.

The project also covers a wider range of challenges in the cybersecurity field, such as ransomware and mobile malware. Ultimately, SIMARGL will offer a software toolkit to end users which will enable them to defend against the latest malware and stegomalware threats.