Wednesday, January 16, 2013


Daily Report

Top Stories

• Recently, malware attacks at two energy companies infiltrated critical networks,  highlighting the need for companies to adhere to best practices in protecting their networks from cyber attacks. A report from the Industrial Control Systems Cyber Emergency Response Team suggested cleaning USB drives after each use, maintaining system backups, and other methods as a way to mitigate threats against industrial control systems. – Threatpost

1. January 14, Threatpost – (National) Malware infects two power plants lacking basic security controls. Recently, malware attacks at two energy companies infiltrated critical networks, highlighting the need for companies to adhere to best practices in protecting their networks from cyber attacks. A report from the Industrial Control Systems Cyber Emergency Response Team suggested cleaning USB drives after each use, maintaining system backups, and other methods as a way to mitigate threats against industrial control systems. Source: http://threatpost.com/en_us/blogs/malware-infects-two-power-plants-lacking-basic-security-controls-011413

• Two illegal immigrants from Romania were arrested in Englewood for allegedly running an ATM skimming operation that stole more than $1 million from customers' accounts. – Bergen County Record See item 5 below in the Banking and Finance Sector

• A water treatment plant in Jefferson County experienced a major mechanical failure over the January 12 weekend that allowed 95 million gallons of wastewater mixed with storm water to flood the area. – Louisville Courier Journal

13. January 14, Louisville Courier Journal – (Kentucky) 95 million gallons of storm and wastewater spill into Louisville creeks after treatment plant failure. A water treatment plant in Jefferson County experienced a major mechanical failure over the January 12 weekend that allowed 95 million gallons of wastewater mixed with storm water to flood the area. Source: http://www.courier-journal.com/article/20130114/NEWS01/301140051/95-million-gallons-storm-wastewater-spill-into-Louisville-creeks-after-treatment-plant-failure

• The Whites Creek school remained closed January 15 after a carbon monoxide leak January 14 sent 40 students to the hospital. – WTVF 5 Nashville

19. January 15, WTVF 5 Nashville – (Tennessee) Drexel Academy students treated for carbon monoxide poisoning. The Whites Creek school remained closed January 15 after a carbon monoxide leak January 14 sent 40 students to the hospital. Source: http://www.newschannel5.com/story/20585401/drexel-academy-student-treated-for-carbon-monoxide-poisoning

Details

Banking and Finance Sector

2. January 15, Las Vegas Sun – (Nevada) Las Vegas lawyer pleads to mortgage fraud scheme in valley. A Las Vegas lawyer entered a guilty plea for charges relating to his role in a mortgage fraud scheme that defrauded lending institutions of $30 million. Source: http://www.lasvegassun.com/news/2013/jan/14/las-vegas-lawyer-pleads-mortgage-fraud-scheme/

3. January 15, Palm Harbor Patch – (Florida) Palm Harbor 'Bank Bag Bandit' pleads guilty. The man known as the "Bank Bag Bandit" pleaded guilty the week of January 7 to five armed robberies in three Florida counties. Source: http://palmharbor.patch.com/articles/palm-harbor-bank-bag-bandit-pleads-guilty

4. January 14, Bloomberg News – (National) JPMorgan ordered to fix controls, pay practices after Whale bet. The Federal Reserve and the Office of the Comptroller of the Currency ordered JPMorgan Chase & Co. to increase its trading oversight and use better anti-money laundering practices after significant deficiencies in risk management were cited by regulators. Source: http://www.businessweek.com/news/2013-01-14/jpmorgan-s-whale-trade-subject-of-occ-order-to-fix-risk-controls

5. January 14, Bergen County Record – (New Jersey) Two men, natives of Romania, are arrested in ATM scam that netted more than $1 million. Two illegal immigrants from Romania were arrested in Englewood for allegedly running an ATM skimming operation that stole more than $1 million from customers' accounts. Source: http://www.northjersey.com/englewood/Two_men_natives_of_Romania_are_arrested_in_ATM_scam_that_netted_more_than_1_million.html

Information Technology

23. January 15, Help Net Security – (International) Waledac botmasters use Virut malware to build a new botnet. The botmasters behind the Waledac (also known as Kelihos) botnet have been found by Symantec researchers to be infecting computers by using the Virut botnet in an attempt to rebuild their own botnet. W32.Waledac.D infections have risen, mostly on computers in the U.S. Source: http://www.net-security.org/malware_news.php?id=2376&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+HelpNetSecurity+(Help+Net+Security)&utm_content=Google+Reader

24. January 15, Softpedia – (International) Red October cyber espionage campaign relied on Java exploit to infect computers. Researchers at Seculert analyzed the recently-discovered 'Red October' cyber espionage campaign and found that it had also utilized a Java vulnerability to disseminate malware. Source: http://news.softpedia.com/news/Red-October-Cyber-Espionage-Campaign-Relied-on-Java-Exploit-to-Infect-Computers-321319.shtml

25. January 14, Krebs on Security – (International) Microsoft issues fix for zero-day IE flaw. Microsoft released an emergency out-of-band security update to close a critical security vulnerability in Internet Explorer versions 6, 7, and 8 that was recently used in targeted attacks. Source: http://krebsonsecurity.com/2013/01/microsoft-issues-fix-for-zero-day-ie-flaw/

Communications Sector

Nothing to report.