Cybersecurity Insights | Blog | Foregenix

Steganography, Hidden Customer and Cardholder Data in JPG Files: How to Prevent It

Written by Minaxi Parmar | 11/23/23 10:57 AM

As a cybersecurity company with a team of digital forensic experts, we have recently conducted forensic investigations that uncovered a resurgence of malware that harvests customer and cardholder data locally on the compromised web server. The malicious code operates stealthily: it captures the sensitive data, encodes it in base64 and writes it into seemingly innocent JPG files, where the stolen records blend in with the site's legitimate images.

Harvested data concealed inside JPG files with base64 encoding is hard to spot with conventional tooling, because the files still look like ordinary media and sit in directories that change legitimately all the time. Our findings indicate that the typical compromised Magento (or other) eCommerce platform is missing known security patches, which underlines how critical proactive patch management is. To counter this hidden threat, organisations must adopt a multi-layered approach: regular patch management, robust security controls, file integrity monitoring, proactive incident response and continuous monitoring.
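
As an added example (not code from the original post or from Foregenix), the following Python script shows one way to triage image files for this kind of hidden payload. It assumes the skimmer appends its base64-encoded records after the JPEG End-Of-Image marker (FF D9); that is one common layout but not the only one, and a payload stashed inside an EXIF or comment segment would need a segment-level parse instead. The JPEG bytes and the harvested record are constructed test data, and 4111111111111111 is a standard test card number that passes the Luhn check.

```python
import base64
import binascii
import re
from pathlib import Path

# Constructed sample data (not real captures). CLEAN_JPG is a minimal JPEG
# skeleton: SOI marker, an empty APP0 segment, EOI marker.
CLEAN_JPG = bytes.fromhex("FFD8 FFE0 0002 FFD9")

# A fake harvested record of the kind a skimmer would encode; 4111111111111111
# is a well-known test PAN that passes Luhn.
FAKE_RECORD = b"name=Jane Doe&cc=4111111111111111&exp=12/26&cvv=123"
INFECTED_JPG = CLEAN_JPG + base64.b64encode(FAKE_RECORD)

PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")
B64_RE = re.compile(rb"^[A-Za-z0-9+/]+={0,2}$")


def luhn_ok(digits: str) -> bool:
    """Luhn check used to separate real card numbers from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def trailing_bytes(data: bytes) -> bytes:
    """Return whatever follows the last EOI marker (FF D9). A well-formed JPEG
    ends there; an appended base64 payload cannot contain 0xFF, so searching
    from the end skips any embedded EXIF thumbnail that has its own EOI."""
    if not data.startswith(b"\xff\xd8"):
        return b""              # not a JPEG at all
    eoi = data.rfind(b"\xff\xd9")
    return b"" if eoi == -1 else data[eoi + 2:]


def decode_if_base64(blob: bytes):
    """Decode strictly; return None if the trailer is not clean base64."""
    blob = b"".join(blob.split())   # tolerate line-wrapped payloads
    if len(blob) < 16 or not B64_RE.match(blob):
        return None
    try:
        return base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None


def find_pans(data: bytes) -> list:
    """Digit runs of card-number length that also pass Luhn."""
    return [m.decode() for m in PAN_RE.findall(data) if luhn_ok(m.decode())]


def scan_jpg(data: bytes) -> dict:
    """Scan one image's bytes; report trailer size, whether it decoded, and PANs."""
    extra = trailing_bytes(data)
    decoded = decode_if_base64(extra)
    return {
        "trailing_bytes": len(extra),
        "decoded": decoded is not None,
        "pans": find_pans(decoded) if decoded is not None else [],
    }


def scan_tree(root: str) -> list:
    """Walk a web root (e.g. Magento's pub/media, assumed) and return images
    that carry anything at all after their EOI marker."""
    hits = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in (".jpg", ".jpeg") and path.is_file():
            result = scan_jpg(path.read_bytes())
            if result["trailing_bytes"]:
                hits.append((str(path), result))
    return hits


if __name__ == "__main__":
    print(scan_jpg(CLEAN_JPG))
    print(scan_jpg(INFECTED_JPG))
```

Any non-zero trailer is worth a look, since some editors leave harmless bytes after EOI and the script reports those too; a trailer that decodes as base64 and contains Luhn-valid numbers is the strong indicator. Run scan_tree over the image and upload directories rather than the whole web root, and treat a hit as the start of an investigation (when was the file modified, which process writes to it) rather than as the end of one.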

To counter the resurgence of hidden customer and cardholder data encoded within JPG files, particularly on eCommerce platforms such as Magento or WordPress, organisations must adopt a comprehensive and proactive cybersecurity approach. Here are key proactive strategies to consider:

  • Regular Patch Management: Keep the eCommerce platform, its extensions and the underlying stack up to date with security patches. A defined patch management process ensures that known vulnerabilities are closed promptly, shrinking the attack surface available to cybercriminals.

  • Robust Security Measures: Deploy advanced threat detection, including behaviour-based analysis, anomaly detection and real-time monitoring, to surface hidden threats and weaknesses within the eCommerce platform.

  • File Integrity Monitoring: Implement a File Integrity Monitoring (FIM) solution that continuously watches critical files and directories on the platform, including the image and upload directories where JPG drop files would be written. FIM alerts the security team to any unauthorised change or addition, enabling timely investigation and removal of hidden malware.

  • Web Application Firewall (WAF): Deploy a robust WAF to monitor and filter incoming traffic, detect and block malicious activity, and provide an additional layer of defence against threat actors.

  • Proactive Incident Response: Develop an incident response plan that sets out the steps to take in the event of a breach, including digital forensics and timely remediation, with predefined steps for containment, eradication and recovery to minimise the impact of an attack.

  • Continuous Monitoring and Auditing: Continuous monitoring and regular security audits of the eCommerce platform help detect unauthorised changes, anomalous activity and other signs of hidden malware.
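
File integrity monitoring is the control most directly aimed at the drop files described in this post. The script below is an added example, not Foregenix's ThreatView or any product's code, showing the core of a FIM check in Python: hash every file under the web root, keep the result as a baseline, and on each later run diff the current state against it and triage the changes. The directory layout (pub/media, app/code) mirrors a Magento tree but is an assumption for the demonstration, and the "compromise" staged in demo() is constructed.

```python
import hashlib
import tempfile
from pathlib import Path

# File types an analyst treats differently when they change (assumed policy).
SCRIPT_SUFFIXES = {".php", ".phtml", ".js"}
IMAGE_SUFFIXES = {".jpg", ".jpeg", ".png", ".gif"}


def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large media does not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map of relative POSIX path -> SHA-256 for every regular file under root."""
    return {
        p.relative_to(root).as_posix(): hash_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare(baseline: dict, current: dict) -> dict:
    """Diff two snapshots into added / removed / modified relative paths."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(k for k in baseline.keys() & current.keys()
                           if baseline[k] != current[k]),
    }


def triage(diff: dict) -> list:
    """Rank changes: new or changed server-side code is a likely web shell or
    skimmer; an uploaded image that changes after baseline is a candidate
    drop file for harvested data (the pattern described in this post)."""
    alerts = []
    for rel in diff["added"] + diff["modified"]:
        if Path(rel).suffix.lower() in SCRIPT_SUFFIXES:
            alerts.append(("HIGH", rel, "server-side code added or changed"))
    for rel in diff["modified"]:
        if Path(rel).suffix.lower() in IMAGE_SUFFIXES:
            alerts.append(("HIGH", rel, "uploaded image modified after baseline"))
    for rel in diff["removed"]:
        alerts.append(("MEDIUM", rel, "file removed"))
    return alerts


def demo() -> tuple:
    """Build a tiny Magento-like tree (assumed layout), baseline it, stage a
    constructed compromise, and return (diff, alerts)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        media = root / "pub" / "media"
        code = root / "app" / "code"
        media.mkdir(parents=True)
        code.mkdir(parents=True)
        (media / "logo.jpg").write_bytes(b"\xff\xd8\xff\xd9")       # minimal JPEG
        (code / "Checkout.php").write_text("<?php // legitimate\n")
        baseline = build_baseline(root)

        # Simulated attacker activity: append a base64-encoded fake field
        # ("cc=4111111111111111") to an image and drop a new script into the
        # writable media directory.
        with (media / "logo.jpg").open("ab") as f:
            f.write(b"Y2M9NDExMTExMTExMTExMTExMQ==")
        (media / "cache.php").write_text("<?php // dropped\n")

        diff = compare(baseline, build_baseline(root))
        return diff, triage(diff)


if __name__ == "__main__":
    diff, alerts = demo()
    print(diff)
    for severity, rel, reason in alerts:
        print(f"[{severity}] {rel}: {reason}")
```

Two operational points matter more than the hashing itself. Store the baseline off the web server (an attacker who can write into pub/media can also edit a baseline kept beside it), and exclude genuinely volatile paths such as cache and log directories with an explicit allowlist rather than ignoring the whole media tree, because the media tree is exactly where these drop files land.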

Foregenix draws on its extensive experience as an industry-leading digital forensic team to detect advanced card-skimming malware before it can damage your website's reputation and steal customer data. Our solution, ThreatView, offers comprehensive detection capabilities for payment card harvesting malware across all platforms.

You can trial ThreatView for free. It applies indicators of compromise drawn from thousands of incident response cases globally and provides 24/7 monitoring for the latest malware threats.

Working together, we can stay one step ahead of cybercriminals and safeguard the integrity of online transactions.