CUING-WG (Working Groups) will provide a narrower focus and more targeted monitoring of specific areas of information hiding. The WGs are as follows.
- WG1: Steganography. Focuses on steganographic and covert channel techniques used by criminals, cyber-criminals and malware (a.k.a. stegomalware). Various types of information hiding methods belong to this group: hiding in the structure of digital media files, steganographic techniques applied to diverse hidden data carriers, and local/network covert channels.
- WG2: Stegomalware. Focuses on cryptographic and related obfuscation/evasion techniques used by cyber-criminals and malware. This working group will analyse and monitor the evolution of evasion techniques such as detection of sandboxing environments and/or lack of user input, IDS evasion solutions, etc., and of obfuscation methods such as dead-code insertion, register reassignment, code transportation/integration, and various payload obfuscation techniques (e.g. encoding and encryption, polymorphism).
- WG3: Hidden networks. Focuses on anonymization techniques and related topics that can be utilized for nefarious purposes and can help cyber-criminals to remain undiscovered for long periods of time or allow them to constitute their business models. This includes solutions like TOR, darknets, underground environments, cryptocurrency, etc.
- WG4: Automated threats. Focuses on automated threats to a computer network or web application, characterized by the malicious use of automated tools such as Internet bots, commonly known as ‘bad bots’. Such threats are best described within the OWASP ontology list for classifying automated threats, such as web scraping, vulnerability scanning, brute force attacks, competitive data mining, cryptojacking, online fraud, account hijacking, data theft, spam, digital ad fraud, DNS tunnelling, downtime, and DDoS. These are the pre-actions to data breaches.