Monday, April 8, 2013
Complete DHS Daily Report for April 8, 2013
• A DHS report revealed a spear-phishing campaign targeted 11 companies from the energy sector utilizing publicly available information found on their Web sites. – Softpedia (See item 1)
1. April 5, Softpedia – (National) DHS Report: 11 companies from energy sector targeted by cybercriminals. A DHS report revealed a spear-phishing campaign that targeted 11 companies from the energy sector by utilizing publicly available information found on their Web sites and creating malicious emails guiding recipients to malware attachments and links. Source: http://news.softpedia.com/news/DHS-Report-11-Companies-from-the-Energy-Sector-Targeted-by-Cybercriminals-343342.shtml
• Twenty-two suspects in a multi-State credit card fraud ring were held in two New Jersey counties April 3, including a county jail nurse. The ring is suspected of taking in nearly $1 million per month via fraud. – Jersey Journal See item 11 below in the Banking and Finance Sector
• A federal grand jury indicted 12 individuals for allegedly conspiring to defraud the Internal Revenue Service by using stolen medical records to perpetrate identity theft, file false tax returns, and divert the returns to themselves. – Federal Bureau of Investigation See item 14 below in the Banking and Finance Sector
• Farm Rich expanded its recall of various heat treated, not fully cooked frozen mini meals and snack items to more than 10.5 million pounds because of potential contamination. – Food Safety and Inspection Service
23. April 5, Food Safety Inspection Service – (National) New York firm recalls additional frozen mini meals and other snack products due to possible E.Coli O121 contamination. Farm Rich has expanded its recall of various heat treated, not fully cooked frozen mini meals and snack items, to more than 10.5 million pounds because of potential contamination. Seven people have been hospitalized out of 24 people known to have been sickened by the outbreak of E. coli O121 linked to frozen snacks from Farm Rich food products. Source: http://www.fsis.usda.gov/News_&_Events/Recall_025_2013_Expanded/index.asp
Banking and Finance Sector
8. April 5, Nashville Tennessean – (Tennessee; National) Memphis lawyer accused of being part of alleged insurance scam. A lawyer for two men charged in an alleged $20 million nation-wide health insurance was arrested in Memphis for his alleged role in the scheme. Source: http://www.tennessean.com/article/20130405/BUSINESS01/304050104/Memphis-lawyer-accused-being-part-alleged-insurance-scam
9. April 5, Softpedia – (International) Ukrainian and Russian authorities arrest Carberp trojan developers. Several alleged developers of the Carberp banking Trojan were arrested by authorities in Russia and Ukraine. The trojan allowed the cybercriminal group, who operated remotely, to steal $250 million in Ukraine and Russia alone. Source: http://news.softpedia.com/news/Ukrainian-and-Russian-Authorities-Arrest-Carberp-Trojan-Developers-343142.shtml
10. April 4, Bloomberg News – (National) AIG among mortgage insurers fined by CFPB in kickback probe. The Consumer Financial Protection Bureau announced that four mortgage insurance firms will pay $15.4 million to settle claims that they paid lending institutions illegal kickbacks in exchange for business. Source: http://www.bloomberg.com/news/2013-04-04/aig-among-mortgage-insurersfined-by-cfpb-in-bank-kickback-probe.html
11. April 4, Jersey Journal – (New Jersey) 22 people charged as part of credit-card fraud ring appear in Hudson County court. Twenty-two suspects in a multi-State credit card fraud ring were held in two New Jersey counties April 3, including a county jail nurse. The ring is suspected of taking in nearly $1 million per month via fraud. Source: http://www.nj.com/hudson/index.ssf/2013/04/22_in_credit_card_fraud_ring_b.html
12. April 4, KXAN 21 Austin – (Texas) Austin developers committed bank fraud. Two developers were sentenced April 3 for falsifying bank statements to fraudulently obtain
a $39 million loan to construct an office building in Austin. Source: http://www.kxan.com/dpp/news/local/austin/austin-developers-committedbank-fraud
13. April 4, WLKY 26 Louisville – (Kentucky) 5 people arrested with hundreds of fake credit cards in Clarksville. Five individuals were arrested in Clarksville after they were found with 350 fraudulent credit cards in their possession. Source: http://www.wlky.com/news/local-news/indiana-news/5-people-arrested-withhundreds-of-fake-credit-cards-in-Clarksville/-/9718538/19622252/-/format/rsss_2.0/-/10n574i/-/index.html
14. April 3, Federal Bureau of Investigation – (Georgia) Twelve defendants charged with 115 federal tax violations. A federal grand jury indicted 12 individuals for allegedly conspiring to defraud the Internal Revenue Service by using stolen medical records to perpetrate identity theft, file false tax returns, and divert the returns to themselves. Source: http://www.loansafe.org/twelve-defendants-charged-with-115-federal-taxviolations
Information Technology Sector
33. April 5, Softpedia – (International) Scribd hacked, some users’ passwords possibly compromised. Digital documents library Scribd announced that it found and stopped suspicious activity on its network, but that less than one percent of users may have had their passwords compromised. Source: http://news.softpedia.com/news/Scribd-Hacked-Some-Users-Passwords-Possibly-Compromised-343161.shtml
34. April 5, Threatpost – (International) Skype malware stealing victims processing power to mine Bitcoins. An ongoing Skype spam campaign that began April 4 infects users’ systems to perform Bitcoin ‘mining’, using large amounts of processing power to create the virtual currency. Source: http://threatpost.com/en_us/blogs/skype-malware-stealing-victimsprocessing-power-mine-bitcoins-040513
35. April 4, Threatpost – (International) Skype, Dropbox patch critical Facebook authentication bugs. Dropbox and Skype closed an open direct vulnerability that could have allowed an attacker to access and control a user’s Facebook account. Source: http://threatpost.com/en_us/blogs/skype-dropbox-patch-criticalfacebook-authentication-bugs-040413
36. April 4, Softpedia – (International) In 92% of attacks ZIP files are used to deliver malware, FireEye study finds. FireEye released its Advanced Threat Report covering the latter half of 2012, detailing malware and methods of its distribution. Source: http://news.softpedia.com/news/In-92-of-Attacks-ZIP-Files-Are-Usedto-Deliver-Malware-FireEye-Study-Finds-342995.shtml
For additional stories, see items 1 above in Top Stories and 9 above in the Banking and Finance Sector
Nothing to report
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to email@example.com or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to firstname.lastname@example.org.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at email@example.com or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at firstname.lastname@example.org or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.