Steganography is the practice of concealing information within another message or physical object to avoid detection. It is a method of hiding secret data by embedding it into an ordinary, non-secret file or message, so that it will not be detected. Steganography can be used to hide virtually any type of digital content, including text, image, video, or audio content. The hidden data is then extracted at its destination. Steganography can be used in conjunction with encryption as an extra step for hiding or protecting data.

Steganography is relevant to cybersecurity because threat actors often hide information when attacking a target. They might hide data, conceal a malicious tool, or send instructions for command-and-control servers within innocuous-seeming image, video, sound, or text files. Steganography can be used to embed malicious data within seemingly innocuous files, and since it requires significant effort and nuance to get right, its use often involves advanced threat actors with specific targets in mind.

Here are some ways in which attacks can be delivered via steganography:

• Concealing malicious code within an image or video file
• Hiding data within network control protocols used in data transmission
• Embedding malicious data within seemingly innocuous files

Steganography has been used for centuries and has been digitized to do some pretty creative things. There are a number of apps that can be used for steganography, including Steghide, Xiao, Stegais, and Concealment. Image steganography is a popular form of steganography that involves hiding data within an image file.

While steganography is a form of obfuscation, the reverse doesn’t apply. Steganography is a practice that enables secrecy and deceit, and it is not a form of cryptography because it doesn’t involve scrambling data or using a key. Combining steganography and cryptography is the greatest way to disguise a message from adversaries while still protecting it.