Complete DHS Report for June 25, 2015
Daily Report
Top Stories
• Severe weather June 23 caused 200,000 power
outages in New Jersey, 160,000 in Pennsylvania, 22,700 in Delaware and 20,000
in Connecticut. – NBC News
1. June 24, NBC News – (National) Northeast storms knock out power to
hundreds of thousands. Severe weather June 23 caused 200,000 power outages
in New Jersey, 160,000 in Pennsylvania, 22,700 in Delaware and 20,000 in Connecticut.
The heavy storms also caused a total of 1,000 flight cancellations and 4,000
delays at Boston, New York, Philadelphia and Washington, D.C. airports. Source:
http://www.nbcnews.com/news/weather/northeast-storms-knock-out-power-hundreds-thousands-ground-flights-n380751
• A U.S. and Canadian dual-citizen was
arrested June 23 on charges surrounding alleged securities fraud and money
laundering conspiracies that generated $300 million in illegal profits. – Reuters
See item 9 below in the Financial Services Sector
• German authorities extradited a Turkish
suspect to the U.S. June 23 on charges that he allegedly organized a complex
bank heist of $40 million in cash from ATMs in New York and in 23 other
countries in February 2013. – Bloomberg
See item 13 below in the Financial Services Sector
• The U.S. Office of Personnel Management’s director
announced in a Congressional hearing June 24 that the estimated cost for recent
data breaches targeting the agency could exceed $19 million. – Christian
Science Monitor
26. June 23, Christian Science Monitor – (National)
Price tag for OPM breach at least $19 million. The U.S. Office of
Personnel Management’s director announced in a Congressional hearing June 24
the estimated cost for recent data breaches targeting the agency could exceed
$19 million. The cost covers informing victims of the breach as well as credit
monitoring services. Source: http://www.csmonitor.com/World/Passcode/2015/0623/Price-tag-for-OPM-breach-at-least-19-million
Financial Services Sector
9. June 23, Reuters – (National) U.S.-Canadian man charged for Cynk trades, $300
mln fraud. A U.S. and Canadian dual-citizen was arrested June 23 on charges
surrounding alleged securities fraud and money laundering conspiracies that
generated $300 million in illegal profits, including a pump-and-dump scheme
that inflated the market value of Cynk Technology Corp to over $6 billion. The
U.S. Securities and Exchange Commission filed related civil charges against the
suspect. Source: http://www.reuters.com/article/2015/06/23/usa-crime-mulholland-fraud-idUSL1N0Z92FI20150623
10. June 23, WPLG 10 Miami – (International) Suspect dubbed ‘Lucky Bandit’ bank robber
arrested. FBI officials reported that the suspect dubbed the “Lucky Bandit”
was arrested June 23 in connection with a robbery of a Wells Fargo bank and an
attempted robbery of a Citibank branch in Pembroke Pines in April. The suspect
is believed to be connected to 8 bank robberies since October 2014. Source: http://www.local10.com/news/serial-bank-robber-arrested/33740676
11. June 23, U.S. Securities and Exchange Commission – (International) SEC charges
unregistered brokers in EB-5 Immigrant Investor Program. The U.S.
Securities and Exchange Commission charged Florida-based Ireeco LLC and its
Hong Kong-based successor June 23 with allegedly illegally brokering over $79
million worth of investments by foreigners seeking U.S. residency in the U.S.
Citizenship and Immigration Service’s EB-5 Immigrant Investor Program. The
firms agreed to be censured and to cease and desist from similar violations in
the future. Source: http://www.sec.gov/news/pressrelease/2015-127.html
12. June 23, Dark Reading – (International) Banks targeted by hackers three times more
than other sectors. Raytheon and Websense released findings from a study on
their customers revealing that financial services organizations, many of which
are U.S. firms, are targeted three times more by cybercriminals than any other
industry, and that these attacks are primarily utilizing the Rerdom, Vawtrak,
and Geodo malware families, among other findings. Source: http://www.darkreading.com/attacks-breaches/banks-targeted-by-hackers-three-times-more-than-other-sectors/d/d-id/1321016
13. June 23, Bloomberg – (International) Most-wanted cybercriminal extradited to U.S.
from Germany. German authorities extradited a Turkish suspect, who is
considered to be one of the world’s most wanted cybercriminals, to the U.S.
June 23 on charges that he allegedly organized a complex bank heist of $40
million in cash from ATMs in New York and in 23 other countries in February
2013. The suspect also reportedly stole $19 million through 25,700 ATM
transactions in 20 countries from 2011 – 2012. Source: http://www.bloomberg.com/politics/articles/2015-06-23/turkish-man-accused-in-global-atm-heist-extradited-to-u-s-
14. June 22, U.S. Attorney’s Office, Eastern District of Pennsylvania –
(National) RICO conspiracy charged in payday lending case. A Jenkintown,
Pennsylvania man was charged in an indictment unsealed June 22 with participation
in a racketeering conspiracy for allegedly operating a payday lending business
that violated numerous State usury laws and reaped millions of dollars from
illegal fees, and for allegedly helping his sons in a multi-million-dollar
telemarketing scam that victimized over 70,000 people nationwide. Source: https://www.fbi.gov/philadelphia/press-releases/2015/rico-conspiracy-charged-in-payday-lending-case
For another story, see item 28 below in the Information Technology Sector
Information Technology Sector
28. June 24, Softpedia – (International) Dyre banking malware uses 285 command and
control servers. Security researchers from Symantec released a report
revealing that multiple groups are running at least 285 command and control
(C&C) servers as well as 44 machines to deliver payloads and execute
man-in-the-browser (MitB) attacks. The servers are spread worldwide, with most
located in Ukraine and Russia, and are primarily targeting financial
organizations in the U.S. and United Kingdom. Source: http://news.softpedia.com/news/dyre-banking-malware-uses-285-command-and-control-servers-485119.shtml
29. June 24, The Register – (International) Feds count Cryptowall cost: $18 million says
FBI. The FBI reported that the U.S. Internet Crime Complaints Commission
(IC3) received 992 complaints associated with the CryptoWall ransomware
resulting in U.S. user and business losses of over $18 million from April 2014
– June 2015. Source: http://www.theregister.co.uk/2015/06/24/feds_count_cryptowall_cost_18_million_says_fbi/
30. June 23, Softpedia – (International) Flash Player zero-day used by Chinese
Cyber-Espionage group. Security researchers from FireEye discovered that
the APT3 advanced threat group is currently exploiting a zero-day Adobe Flash
Player heap buffer overflow vulnerability patched by Adobe June 23. The group’s
latest campaign was dubbed Operation Clandestine Wolf, and they generally
target organizations from the aerospace and defense, construction and
engineering, technology, telecommunications, and transportation industries.
Source: http://news.softpedia.com/news/flash-player-zero-day-used-by-chinese-cyber-espionage-group-485077.shtml
31. June 23, Softpedia – (International) Cheap radio device can steal decryption keys
from nearby laptop. Researchers from Israel created a palm-sized radio
device that can capture decryption keys from laptops just a few feet away by
intercepting bit patterns in electromagnetic emanations from the targeted
machine’s central processing unit (CPU). The device can be built for about $300
from readily available components, and was able to extract decryption keys
within seconds. Source: http://news.softpedia.com/news/cheap-radio-device-can-steal-decryption-keys-from-nearby-laptop-485065.shtml
32. June 23, SC Magazine – (International) Targeted attacks rise, cyber attackers
spreading through networks, report says. Vectra Networks released findings
from its Post-Intrusion Report of 40 customer and prospect networks revealing
that non-linear growth in lateral movement of attacks increased 580 percent
from 2014, that reconnaissance detections were up 270 percent, and that overall
detections increased 97 percent. Vectra attributed the large uptick in
detections partly to the increased accessibility of hacker tools. Source: http://www.scmagazine.com/once-in-attackers-spread-out-through-networks-research-shows/article/422382/2/
33. June 23, Dark Reading – (International) Government, Healthcare particularly
lackluster in application security. Veracode released findings from its
State of Software Security Report revealing that government agencies and
healthcare organizations performed the worst in industry-specific software
security metrics due to issues such as slow rates in addressing identified
flaws and cryptographic vulnerabilities from weak algorithms, while all industries
struggled with software supply chain issues, among other findings. Source: http://www.darkreading.com/application-security/government-healthcare-particularly-lackluster-in-application-security/d/d-id/1321002
34. June 23, Threatpost – (International) TCP vulnerability haunts Wind River VxWorks
embedded OS. Security researchers at Georgia Tech discovered a transmission
control protocol (TCP) prediction vulnerability in Wind River’s VxWorks
embedded operating system (OS) used in a large number of industrial control
system (ICS) products in which an attacker can leverage a predictable TCP
initial sequence to spoof or disrupt connections to and from target devices.
Source: https://threatpost.com/tcp-vulnerability-haunts-wind-river-vxworks-embedded-os/113429
35. June 23, Softpedia – (International) Adobe fixes Flash Player zero-day exploited
in the wild. Adobe released an emergency update for its Flash Player
software addressing a heap buffer overflow vulnerability that is being
exploited in the wild in which an attacker could execute arbitrary code and
take control of an affected system, possibly funneling in malware via drive-by
download attacks. Source: http://news.softpedia.com/news/adobe-fixes-flash-player-zero-day-exploited-in-the-wild-485066.shtml
For additional stories, see items 12 and 13 above in the Financial Services Sector
Communications Sector
36. June 23, Surf City SandPaper – (New Jersey) Hours-long Comcast outage due to
software issue, now resolved. Internet, cable, and phone services were restored to Comcast
customers in northern and central New Jersey June 23 after the system went
down due to a software issue that caused an outage for several hours. Source: http://thesandpaper.villagesoup.com/p/hours-long-comcast-outage-due-to-software-issue-now-resolved/1366025
For additional stories, see item 15 below from the Transportation Systems Sector
and item 30 above in the Information Technology Sector
Transportation Systems Sector
15. June 23, WFMZ 69 Allentown – (Pennsylvania) Downed power lines shut down Route 422 for more than 12 hours. Route 422 in Douglass Township reopened in both directions after being closed for more than 12 hours June 23 while crews repaired power lines that were brought down by a semi-truck and caused an electricity and phone service outage in the area. Service was restored. Source: http://www.wfmz.com/news/news-regional-berks/downed-power-lines-shut-down-route-422-for-more-than-12-hours/33737600