source: threatpost.com

A phishing campaign pushing Locky ransomware is targeting some of the 22 million victims of the massive United States Office of Personnel Management breaches of 2014 and 2015.

According to researchers at PhishMe Intelligence, the campaign involves attackers impersonating OPM representatives who are targeting government contractors and workers that have had personal information stolen from them. Attackers are using phishing messages that warn targets that the OPM has detected “suspicious movements” in their bank accounts. The email goes onto ask recipients to “examine the attached scanned record.” At the bottom of the phishing attack messages is the email signature of Elis Lucas, account manager with the U.S. Office of Personnel Management.

The attachment is a zip archive that when launched runs a JavaScript application that downloads and runs a sample of the Locky encryption ransomware. The attackers, researchers wrote, are demonstrating their “unscrupulous nature and willingness to exploit the misfortune of others at any step in their delivery and infection process.” PhishMe found 323 unique JavaScript application attachments used in the campaign with the capability of downloading obfuscated Locky payloads from 78 command-and-control payload locations. Of note, PhishMe said, the sample it found contained four hardcoded command-and-control hosts, as well as a single payment site where victims could pay their ransom in Bitcoin in exchange for an encryption key. Locky has been potent since its initial detection on Feb. 16 – with attempts to infect computers in more than 100 countries.

The preferred Locky attack vector has been email messages that contain an attached Word document embedded with a malicious macro. Once the macro is engaged, a script is initiated and Locky is downloaded onto a victim’s PC. The ransomware was used to target hospitals starting with Hollywood Presbyterian Medical Center in Los Angeles, which paid a $17,000 ransom, and this summer was spread by the Necurs botnet.  According to a Check Point analysis of Locky, researchers have documented at least 10 different Locky downloader variants. In those cases, each variant has tried to avoid detection by hiding the Locky payload in different file types (.doc, .docm, .xls and also .js) that claim mostly to be invoice attachments. According PhishMe, “These emails reinforce the fact that overcoming the phishing threat and the ransomware it delivers is not some insurmountable task. Instead, user education and the bolstering of incident response practices can give organizations the edge over threat actors.”


source: defenseone.comhow


A invitation from the Pentagon's mapping arm could be the first of more outreach to early-stage private-sector companies.

One spy agency is moving past a reputation for mysterious activity by actively networking with commercial startups.

The National Geospatial-Intelligence Agency has recently been making deliberate efforts to meet early-stage private sector companies developing technology that might be viable to its multifaceted mission to provide intel for national-security efforts, and humanitarian and relief agencies.

Nextgov spoke with Erwin Godoy, chief innovation strategist at NGA’s Enterprise Innovation Office, about the agency’s broader goals. This conversation has been edited for length and clarity.

Godoy: For the most part, the government has tended to be very passive. We are sought-after customers by our traditional industry. We have traditional windows such as FedBizOpps—that’s usually where we kind of wait and see if people answer our requests.

While that worked for us great in the ‘90s and the first part of the decade … the rate of technological change, the rate of new companies coming out … has just been so fast, coming out of Silicon Valley, often New York, Boston, these hubs are driving innovation in our economy at large. Most of these companies aren’t used to doing business with government; they don’t even know how to start.


 

 

SOURCE:  USATODAY.COM


The new Trump administration could better protect the nation from cyber attacks by teaming with Silicon Valley to boost the cyber workforce and creating an agency to find new ways to safeguard digital security, UC Berkeley's Center for Long-Term Cybersecurity said in recommendations unveiled Friday.

Those ideas were among five major cybersecurity suggestions that the center's experts offered during a panel discussion at the Bipartisan Policy Center. The University of California, Berkeleycenter has reached out to Trump's transition team to offer its advice. Trump has not yet named a cybersecurity adviser.

"The new administration has an important opportunity to change the way Americans think about cybersecurity," the center said in a short report presented by Executive Director Betsy Cooper and Faculty Director Steven Weber. "We believe cybersecurity needs to be thought of as an existential risk to core American interests and values, rising close to the level of major armed conflict and climate change."

Americans have become increasingly aware of cybersecurity threats in the wake of high-profile hacks of major government and private sector groups, including the Democratic National Committee, Yahoo, Target, and the Internal Revenue Service.

But the risk of a major cyber attack carries much darker consequences, including the disabling of the nation's electrical grid and widespread data disruption that could scramble everything from government communications to the online banking websites that many Americans rely on, Weber said.

"Just think about how much of your life is dependent on the assumption that the Internet actually works and is safe," he said.

 

SOURCE:  THECIPHERBRIEF.COM (contributed by Artemus FAN, Cindy Webb)

For those who haven't had the opportunity to take a look at this impressive amalgamation of articles, papers, and provocative conversations, you owe it to yourself to bookmark this one!  

www.thecipherbrief.com

The Cipher Brief is a digital, security-based conversation platform that connects the private sector with the world’s leading security experts. We deliver a relevant analysis of news and events that helps readers accurately anticipate and safely navigate the complex, unstable, global security environment. The Cipher Brief was founded by former CNN Intelligence Correspondent Suzanne Kelly on the belief that reporting on the latest security breaches or global security issues alone won’t always help find solutions to the bigger problems. Engaging the private sector in a solutions-based conversation is what moves the ball down the field.


An excerpt from the "State of Play" section of thecipherbrief.com:

(written by Frank Archibald, former Director, CIA's National Clandestine Service)

Susan Williams’ book, Spies in the Congo, provides a well-researched and detailed history of the efforts of the Office of Strategic Services, America’s first strategic intelligence agency and the forerunner of the CIA, to establish itself in the Congo as well as West Africa.  In telling the OSS story, Dr. Williams reveals two other stories as well: She provides a strategic overview of the joint program between the United States, the United Kingdom, and Canada (U.S./UK/CAN) to develop an atomic weapon; and unfolds the story of the Congolese people.

The principal mission of the small OSS team in the Congo was to thwart any German efforts to obtain the high grade uranium ore from the Shinkolobwe mine in the Eastern Congo Province of Katanga.  The Congo ore regularly graded out at over 65 percent uranium; the other sources in the world graded out at less than one percent.  Tons of uranium was needed to create a weapons program and a bomb. The United States was determined to obtain all it needed from the Congo and at the same time deny German attempts to secure any Congolese uranium. The actual acquisition of the uranium ore was not an OSS function; that was accomplished by the U.S. Military, the State Department, and the Foreign Economic Administration.

click here to read more