By Igino Corona, Chief Technology Officer & Security Researcher @ Pluribus One

The main goal of criminals can be summarized into one word: Money. Regardless local and international laws, they basically do whatever they can to (easily) make money and exploit it for their personal benefits. 
Cybercriminals, i.e., criminal actors working on the virtual side of our world represent the biggest threat to Internet users.
As part of our mission for a better (safer) “virtual world”, we offer free DNS resolvers (see our Pluribus One Internet Security) and analyze the associated DNS traffic to detect and stop such threats.
Our detectors embed our expert knowledge of both DNS security and machine learning in the form of robust --adversary-aware-- measurements and classification models to generalize known threats and detect new threats.

In this article we will delve into one relevant threat we are currently tracking by means of our passive DNS analysis, i.e., Powershell Cryptostealer Attacks. This is an excellent example of how network monitoring and (adversarial) machine learning can be exploited to detect new threats.

By Igino Corona, Matteo Mauri

Steganography is a secret mechanism for encoding information by any means of transmission. Its use has been known since ancient Greece and defined in the glossaries towards the end of the fifteenth century. Both encoding and medium of transmission are secret, that is, known only to the parties who intend to communicate in an occult way. Steganography therefore presents itself as an ideal tool for the creation of secret communication channels that can be used in sophisticated espionage scenarios, computer crime, data breaches in public and private sectors. 

Steganography differs from cryptography, in which encoding of information and medium of transmission are generally known (think for example to the HTTPS protocol used by this site). In this case, the encoding mechanism makes the extraction of information (extremely) difficult without the knowledge of additional data, known as encryption/decryption keys. These keys are known only to the parties authorized to communicate (for example, your browser and our web server).

By Matteo Mauri, Igino Corona, Davide Ariu

Stegomalware (or stegware) is a particular and sophisticated type of malware (malicious / unauthorized software) that uses steganography to evade detection and secretly exchange information.

Steganography was already used in ancient Greece and defined in the glossaries towards the end of the fifteenth century. In essence, it is a secret mechanism for encoding information through any means of transmission. Both the encoding and the transmission medium are secret, that is, known only to the parties who intend to communicate in an occult way.

In this sense, it differs from cryptography, in which the encoding of information and the transmission medium are generally known (e.g., the HTTPS protocol used by this website). In this case, the encoding mechanism makes the extraction of clear-text data (extremely) difficult without the knowledge of additional information, known as encryption / decryption keys. These keys are known only to the authorized communication parties (for example, your browser and our web server).

By Igino Corona et al.