A gang of hackers believed to be coming from Russia has been responsible for a number of attacks on many computers that resulted in the loss of several data, according to a report from security vendor FireEye.
The report finds that the attackers employed a mix of coded online photos and web addresses shared via Twitter to enable the malware dubbed Hammertoss to perpetrate the attack. The malware was developed to automatically create Twitter accounts to share the web addresses and tags that contain information on the size of the photo being used and its location.
The hackers conceal their instructions by embedding it in the images and storing the codes on GitHub. By doing so, they were able to pilfer computer data from various victims.
Here is how the Hammertoss malware works: the malicious software uploaded data to cloud storage accounts of the hackers from the victims’ computers based on the commands that were hidden and encrypted. The technique used to encrypt the commands was steganography, a method of altering the values – series of letters and numbers – that represent the color of a single pixel in a photo.
With only our naked eye, it would be hard to detect these small changes to a pixel, so much so that the difference between the original image and the one being altered would be insignificant. But advanced software tools are now capable of spotting the difference.
By making the changes to the number codes, hackers will be able to create a message that would then send commands with nefarious goals.
An ordinary antivirus software would be of no use to detect the malware’s activity because of the diverse parts embedded in the Hammertoss malware. This eventually makes it hard for security departments to combat the threat and attacks from the hackers.
The onus is now on the network service providers to detect and spot the difference on the command and control communication activities, if ever something beyond the ordinary manifests itself. That means differentiating between illegitimate and legit network traffic.
Any kind of software tool alone would not suffice to ward off the attack, so security experts recommend a collaboration among human resources, technology and information on the attack to mitigate its impact.
The sophisticated tool in question works to pinpoint its target and determine the destination network to which the data would be transmitted. It would only be possible to detect Hammertoss when its complete code is present.