• EDUCATE

    ...our citizens to be cyber smart, and develop pathways for the future cyber workforce.

  • ENGAGE

    ...and convene partners to address emerging cyber and cryptologic issues.

  • COMMEMORATE

    ...our cryptologic history & those who served within the cryptologic community.

THE NCF VISION

Advance the nation’s interest in cyber and cryptology through leadership, education, and partnerships.

UPCOMING EVENTS

*** Remember to check out our "On This Date in History" calendar. See link below.

Saturday, May 4, 2024
8:30 am - 2:00 pm
TAC's TheLink, 7000 Columbia Gateway
Suite 150
Columbia, MD 21046
US

Thursday, October 3, 2024
Waverly Woods Golf Course
2100 Warwick Way
Marriottsville, MD 21104
US

Cybersecurity News: REAPER botnet, Russian Phishing at CyCon, & More.

This Week in Cybersecurity (week ending 10/28/2017)

REAPER Botnet Grows, but its Purpose is Unknown

REAPER is a growing botnet of over one million devices, causing concern in the global cybersecurity community. REAPER infects video cameras and other Internet of Things (IoT) devices, taking advantage of known vulnerabilities in D-Link, Netgear, and AVTech products. REAPER is similar to the Mirai malware that infected IoT devices in late 2016. The Mirai-infected devices in turn launched a Distributed Denial of Service attack on Dyn DNS in late 2016, knocking out a number of Internet services in the U.S. While the REAPER botnet continues to grow, there have been no known attacks so far and it’s unclear how the botnet may be used. (Source: ZDNet.com, 24 October 2017)

Russian APT Attempts to Phish CyCon Participants

CyberWire reports on potential Russian interference in this year’s CyCon conference. Fancy Bear (APT28, or, to name it directly, Russia's GRU) is snuffling around people thinking about attending next month's CyCon conference in Washington, DC. Sponsored jointly by the US Army Cyber Institute and NATO's Cooperative Cyber Defence Centre of Excellence, this year the well-known conference takes "the future of cyber conflict" as its theme. Fancy Bear is phishing for prospective attendees with a baited Word document that carries Seduploader as its payload. Seduploader is a reconnaissance tool useful in determining which targets deserve closer attention. The phishbait document, a cut-and-paste job designed to look like an event flier, is "Conference_on_Cyber_Conflict.doc." Stay away from it and the malicious Visual Basic for Applications (VBA) macro it contains. (The CyberWire, 10/25/2017)

Bad Rabbit Ransomware

Bad Rabbit is a new type of ransomware that is causing concern. Confined so far to Russia and Eastern Europe, it is the third major ransomware this year following WannaCry and NotPetya. Bad Rabbit is delivered via a drive-by attack on insecure websites. A malware dropper disguised as an Adobe Flash update is served to unsuspecting visitors to infected websites. When they click on the update link, their computer locks up and files are encrypted using DiskCryptor software. A ransom note appears demanding just under $300 in Bitcoin within 40 hours in return for the keys to decrypt the victim’s files. Experts are increasingly convinced that Bad Rabbit is the work of the same threat actors responsible for NotPetya, although Bad Rabbit does not appear to be as sophisticated. Several internet security firms have noticed that the servers and sites Bad Rabbit's controllers used seem to have shut down after just a few hours of activity. Others have noted that Bad Rabbit, unlike NotPetya, does not appear to use tools stolen from NSA by the still-unidentified Shadow Brokers group. (Source: The CyberWire, 10/26/2017, and Wired UK article)

Kaspersky Lab Update

Kaspersky Lab's transparency and charm counteroffensive may have hit a bump. The company acknowledged that its security software did indeed scoop up some NSA tools (from a machine that should never have had them in the first place). They say they promptly deleted the sensitive files. (Source: The CyberWire, 10/26/2017)

US-CERT Alert on North Korean Botnet Infrastructure

DHS/US-CERT updated an alert from June about North Korea’s HIDDEN COBRA botnet structure. The new alert is TA17-164A. It provides the following overview as well as technical indicators and suggested response guidance.

This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). This alert provides technical details on the tools and infrastructure used by cyber actors of the North Korean government to target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally. Working with U.S. Government partners, DHS and FBI identified Internet Protocol (IP) addresses associated with a malware variant, known as DeltaCharlie, used to manage North Korea’s distributed denial-of-service (DDoS) botnet infrastructure. This alert contains indicators of compromise (IOCs), malware descriptions, network signatures, and host-based rules to help network defenders detect activity conducted by the North Korean government. The U.S. Government refers to the malicious cyber activity by the North Korean government as HIDDEN COBRA. Click for more information related to HIDDEN COBRA activity.

Twitter Exec Victimized by Russian Trolls during 2016 Election

According to CyberWire, a Twitter executive was successfully trolled by Russian influence operators in 2016. The exec was induced to retweet positive stories from a bogus Black Lives Matter activist, who in reality was a Russian troll. Observers take the incident as a cautionary tale of how grooming influencers works. (CyberWire, 10/25/2017)

THIS MONTH on the On This Day In History Calendar

  • The first hire at SIS was Annie Louise Newkirk, hired as a cryptographic clerk. Interesting note: when a phone call came in for someone working in the vault room, Ms. Newkirk would buzz the back room using a Morse code equivalent for the first initial of the individual's name. In honor of Women's History Month - click to learn about more female cryptologic pioneers!

About Us

The NCF's Vision is to strengthen trust in the digital ecosystem.

The NCF Mission: Advance the nation’s interest in cyber and cryptology as we:

Educate citizens to be cyber smart individuals, 

Develop pathways for the future cyber and cryptologic workforce, 

Engage and convene partners to address emerging cyber and cryptologic issues, and

Commemorate our cryptologic history and those who served. 

The Foundation provides exceptional cryptologic programs, encourages young minds to learn about cryptology and to explore cyber-related career opportunities, hosts educational, cryptology-related exhibits at various community events, and honors the people, past and present, whose contributions to our national security protect and make possible our way of life.

The NCF also provides needed support to the National Cryptologic Museum (NCM), the first public museum in the U.S. Intelligence Community. Located adjacent to the National Security Agency (NSA) in Maryland, the NCM houses a unique and priceless collection of artifacts that represent our Nation's history in code making and code breaking, as well as a world class library of cryptologic media. The NCF has acquired rare and invaluable artifacts for the Museum and helps to support new educational and interactive exhibits.

The NCF is a 501(c)(3) organization.
