Steganography, the art of concealing information in different types of media, is a very old practice. Yet it only recently started being used by malware operators on a large scale. Malware programmers and operators are increasing their efforts in developing covert communication channels between infected computers and their command and control servers. In addition to steganography, recent examples include hiding communication in inconspicuous network traffic such as DNS queries or HTTP 404 error messages.
When used properly, these covert communication channels can bypass many automated detection mechanisms and render malware communication difficult to detect and block. From an attacker's perspective, covert communication channels are a valuable addition because they allow messages to blend in with legitimate traffic and thus significantly lower the chance of being detected even when inspected by a human analyst.
This presentation studies recent advances in covert communication channels used by real-world malware. First, we will show how steganography has recently been used in three different malware families (Stegoloader, Vawtrak, and Lurk). We will dive into the details of how steganography is implemented and discuss the strengths and weaknesses of each approach. Furthermore, we will detail and compare the usage of inconspicuous carrier protocols for covert communication channels in malware. Examples will span commodity cybercrime as well as targeted attack malware.
The cases that are discussed in this presentation are based on real-life incidents. While it is easy to speculate how covert communication channels might be used by malicious actors, documentation of real-world cases is sparse. Yet covert communication channels have arrived in both the commodity cybercrime and targeted attack worlds. It is thus vital to understand the status quo and identify current trends in cybercriminal and targeted attack malware. As such, we believe that it is mandatory to highlight what is currently being used in the wild.