Complete DHS Report for April 9, 2015
Daily Report
Top Stories
· An April 7 power surge temporarily knocked out electricity to a number of Federal
government buildings, museums, several Metro stations, restaurants, offices,
and residences in Washington, D.C. and Maryland. – Washington Post
1. April 7, Washington Post – (Washington, D.C.; Maryland) Power surge
knocks out electrical service in parts of D.C. region. An April 7 power
surge that occurred when a Pepco transmission conductor in Mechanicsville,
Maryland, broke free and fell to the ground, temporarily knocked out
electricity to the White House, U.S. Department of State, U.S. Department of
Justice, a number of other government buildings, museums, several Metro
stations, restaurants, offices, and residences in Washington, D.C., and
prompted the closure of the University of Maryland at College Park campus.
Source: http://www.washingtonpost.com/local/scattered-power-outages-reported-across-dc-area/2015/04/07/8f4e8b84-dd49-11e4-a500-1c5bb1d8ff6a_story.html
· All seven passengers were killed when an aircraft crashed about 2 miles from the
Central Illinois Regional Airport in Bloomington April 7. – Associated Press
7. April 7, Associated Press – (Illinois) Small plane crashes after NCAA
title game, killing ISU coach. The Federal Aviation Administration reported
that a twin-engine aircraft traveling from Indianapolis crashed about 2 miles
away from the Central Illinois Regional Airport in Bloomington April 7, killing
all seven passengers on board. The National Transportation Safety Board is
investigating the cause of the crash, and stated that the plane was cleared to land
in fog and rain but apparently turned away from the approaching runway for an unknown
reason before crashing. Source: http://www.nbc29.com/story/28738328/plane-returning-from-ncaa-game-crashes-in-illinois-7-dead
· Fidelis reported that hackers have co-opted the AlienSpy remote access tool (RAT) and
are spreading it via phishing messages to deliver the Citadel banking trojan
and establish backdoors inside a number of critical infrastructure operations.
– Threatpost. See item 22 below in the Information Technology Sector
· A report released by Trend Micro and the Organization of the American States revealed
that in the last year 40 percent of 575 security leaders throughout critical
infrastructure sectors had dealt with network shutdown attempts and 60 percent
had faced hacking attempts aimed at stealing vital information, among other
findings. – Securityweek. See item 24 below in the Information Technology Sector
Financial Services Sector
3. April 7, Warwick Post – (Rhode Island) Troopers arrest Warwick man for
embezzling $142K from manufacturer. Rhode Island State Police charged a Warwick
man with embezzling $142,114.31 from United States Associates, LLC April 6
following allegations that the suspect was stealing and selling company
inventory and keeping the proceeds for himself. An investigation found that the
man was receiving checks from one of the company’s customers who had been
ordering directly from him. Source: http://warwickpost.com/troopers-arrest-warwick-man-for-embezzling-142k-from-manufacturer/5876/
4. April 7, U.S. Securities and Exchange Commission – (California; Ohio) SEC
charges L.A.-based Pacific West Capital Group with fraud in sale of life
settlement investments. The U.S. Securities and Exchange Commission charged Los
Angeles-based Pacific West Capital Group Inc., and its owner April 7 with fraud
in the sale of life settlement investments for failing to disclose risks
associated with the investments and for using the proceeds from the sale of new
life settlements to continue funding previously sold investments, raising over
$100 million from investors. Ohio-based PWCG Trust and five Pacific West sales
agents were also charged in the scheme. Source: http://www.sec.gov/news/pressrelease/2015-60.html
5. April 7, WCBS 2 New York City; Associated Press – (New York) SEC files fraud
charges against former Syracuse star, New York Giant player. The U.S.
Securities and Exchange Commission filed civil fraud charges April 6 against a
former National Football League player, his business partner, and Capital
Financial Partners investment firms in connection with an alleged Ponzi scheme in
which the pair paid out approximately $7 million of investors’ money rather than
profits from the investments, having paid about $20 million to
investors while receiving only around $13 million in loan repayments. The pair
also misled investors about the terms and existence of loans and used some
funds to cover personal expenses. Source: http://newyork.cbslocal.com/2015/04/07/former-syracuse-star-new-york-giant-will-allen-charged-with-running-ponzi-scheme/
For another story, see item 22 below in the Information Technology Sector
Information Technology Sector
21. April 8, Softpedia – (International) Stored XSS glitch in WP-Super-Cache may
affect over 1 million WordPress sites. Security researchers from Sucuri
discovered a cross-site-scripting (XSS) vulnerability in WP-Super-Cache plug-in
versions prior to 1.4.4 for WordPress sites that could allow attackers to add
new administrator accounts to the Web sites or inject backdoors due to improper
sanitization of information originating from users. The plugin currently has
over 1 million active installations and developers released a new version
repairing the issue. Source: http://news.softpedia.com/news/Stored-XSS-Glitch-in-WP-Super-Cache-May-Affect-Over-1-Million-WordPress-Sites-477905.shtml
22. April 8, Threatpost – (International) New evasion techniques help AlienSpy RAT
spread Citadel malware. Fidelis researchers reported that hackers have
co-opted the AlienSpy remote access tool (RAT) and are spreading it via
phishing messages to deliver the Citadel banking trojan and establish backdoors
inside a number of critical infrastructure operations, including technology
companies, financial institutions, government agencies, and energy companies.
The tool has the capability to detect whether it is being executed inside a
virtual machine, can disable antivirus and other security tools, and employs
transport-layer security (TLS) encryption to protect communication with its
command-and-control (C&C) server. Source: https://threatpost.com/new-evasion-techniques-help-alienspy-rat-spread-citadel-malware/112064
23. April 8, InfoWorld – (International) Widespread outages hit Windows 8/8.1 Metro
Mail, Windows Live Mail, Windows Phone 8.1 mail. Microsoft reported that
its Windows 8 and 8.1 Metro Mail, Windows Live Mail, and Windows Phone 8.1 Mail
clients were experiencing widespread outages for at least 6 hours April 8 that
prevented the syncing and sending of email, and that the issue is expected to
be resolved within 24 hours. Source: http://www.networkworld.com/article/2907300/windows/widespread-outage-for-windows-8-8-1-metro-mail-windows-live-mail-windows-phone-8-1-mail.html
24. April 7, Securityweek – (International) Majority of critical infrastructure firms in
Americas have battled hack attempts: Survey. A report released by Trend
Micro and the Organization of the American States revealed that in the last
year 40 percent of 575 security leaders throughout critical infrastructure
sectors dealt with network shutdown attempts, while 44 percent faced attempts to
delete files, and 60 percent faced hacking attempts aimed at stealing vital
information. The survey also found that 54 percent of organizations dealt with
attempts of equipment manipulation through control networks or systems. Source:
http://www.securityweek.com/majority-critical-infrastructure-firms-americas-have-battled-hack-attempts-survey
25. April 7, Softpedia – (International) Fake downloads for Android vulnerability
scanner lead to persistent ads. Security researchers at Trend Micro
identified three fraudulent Web sites that claim to provide a tool to scan for
previously-identified Android Installer hijacking vulnerabilities, which
instead redirect users to risky locations that display persistent ads and
install Android application package (APK) files on devices automatically.
Source: http://news.softpedia.com/news/Fake-Downloads-for-Android-Vulnerability-Scanner-Lead-to-Persistent-Ads-477843.shtml
26. April 7, Securityweek – (International) Lazy remediation leaves most Global 2000
firms vulnerable after Heartbleed Flaw: Report. Venafi released new
research revealing that as of April 2015, 74 percent of 1,642 Global 2000
organizations with public-facing systems vulnerable to the Open Secure Socket
Layer (OpenSSL) Heartbleed flaw failed to fully remediate the risks around the
flaw despite warnings and guidance. The study also found that 85 percent of the
organizations’ external servers were still vulnerable and that 580,000 hosts
belonging to them were not completely remediated. Source: http://www.securityweek.com/lazy-remediation-leaves-most-global-2000-firms-vulnerable-heartbleed-flaw-report
27. April 7, SC Magazine – (International) Drive-by-login attack identified and used in
lieu of spear phishing campaigns. Security researchers at High-Tech Bridge
reported that attackers are increasingly utilizing drive-by-login attacks that
target specific visitors to infected Web sites with vulnerabilities that they
can leverage to install backdoors that deliver malware directly to users.
Researchers believe that these types of attacks are likely to be used in
Advanced Persistent Threat (APT) campaigns and could eventually replace
phishing attacks. Source: http://www.scmagazine.com/high-tech-bridge-identifies-new-attack-method-possibly-used-by-apts/article/407805/
28. April 7, Softpedia – (International) Simple FedEx email slips malware on the
computer. Researchers discovered a FedEx phishing campaign that relies on
the curiosity of victims to open an attachment in an email purportedly from the
company which installs a malware dropper that can steal sensitive data from the
system or add it to a network of compromised computers. Source: http://news.softpedia.com/news/Simple-FedEx-Email-Slips-Malware-on-the-Computer-477837.shtml
Communications Sector
29. April 7, KREM 2 Spokane –
(Washington) $200,000 in damage done to Grant Co. cell tower site. Grant
County authorities are investigating after Inland Cellular reported up to
$200,000 in damage to a rural cellular phone site building near Stratford April
2 that was apparently struck by a vehicle on 3 sides of the structure.
Electronic equipment housed inside the building was not damaged and cellular service
was not interrupted during the incident. Source: http://www.krem.com/story/news/local/grant-county/2015/04/07/200k-in-damage-done-to-grant-co-cell-tower-site/25434199/
For another story, see item 23 above in the Information Technology
Sector