Wednesday, June 11, 2014




Complete DHS Report for June 11, 2014

Daily Report

Top Stories

 • Researchers at CrowdStrike released a report on a cyberespionage group dubbed Putter Panda that possibly has ties to the Chinese People’s Liberation Army and primarily targets U.S., Japanese, and European aerospace, satellite, and communications industries. – Securityweek See item 5 below in the Financial Services Sector

 • A fire broke out at Sorenson Farms in Grandview, Washington, June 8, which caused an estimated $1.5 million in damage. – Yakima Herald-Republic

13. June 10, Yakima Herald-Republic – (Washington) Grandview farm shop fire racks up estimated loss topping $1M. A fire broke out at Sorenson Farms in Grandview June 8 and engulfed a shop that was used as a small office and to store a variety of equipment, including tractors, grape pickers, forklifts, and tools. Authorities are investigating the source of the fire which caused an estimated $1.5 million in damage. Source: http://www.yakimaherald.com/news/latestlocalnews/2247451-8/fire-destroys-farm-shop-east-of-grandview


 • Firefighters reached 65 percent containment on a fire that broke out June 9 at a Thompson Hardwoods wood processing facility in Hazlehurst, New York, when a load of lumber was pulled out of a drying kiln and strong winds spread embers from that load to other lumber in the warehouse. – WALB 10 Albany

14. June 9, WALB 10 Albany – (Georgia) Hazlehurst lumberyard burns on; economic damage enormous. Firefighters reached 65 percent containment on a fire that broke out June 9 at a Thompson Hardwoods wood processing facility in Hazlehurst when a load of lumber was pulled out of a drying kiln and strong winds spread embers from that load to other lumber in the warehouse. An office building and a warehouse, including the lumber contained within, were also destroyed by the fire. Source: http://www.walb.com/story/25727565/hazlehurst-lumberyard-burns-on-helicopter-enroute


 • Authorities are investigating the source of a Salmonellosis outbreak linked to Proper Restaurant in Boone, North Carolina, that sickened at least 37 individuals as of June 9. – Watauga Democrat

16. June 9, Watauga Democrat – (North Carolina) 37 report Salmonellosis symptoms. Authorities are investigating the source of a Salmonellosis outbreak linked to Proper Restaurant in Boone, North Carolina, that sickened at least 37 individuals as of June 9. Source: http://www2.wataugademocrat.com/News/story/UPDATE-Health-department-37-report-Salmonellosis-symptoms-id-015223


Financial Services Sector

5. June 10, Securityweek – (International) Zeus alternative “Pandemiya” emerges in cybercrime underground. Researchers with RSA identified a completely new banking trojan known as Pandemiya that has several typical banking fraud tools as well as a modular design. The trojan does not share any code in common with other banking fraud toolkits and has appeared for sale on underweb marketplaces. Source: http://www.securityweek.com/zeus-alternative-pandemiya-emerges-cybercrime-underground

6. June 9, Orlando Sentinel – (Florida) Feds charge Longwood man in $76 million fraud scheme. Federal authorities announced June 9 that a Longwood man who operated United Credit Recovery was arrested on charges that he allegedly ran the company as a $76 million fraud and bribery scheme. Authorities allege that the man would forge documentation from banks on overdraft debt in order to sell the debt as debt of a higher quality, and that he also paid over $1 million in bribes to a U.S. Bank official to obtain insider information. Source: http://www.orlandosentinel.com/news/local/breakingnews/os-united-credit-recovery-fraud-scheme-20140609,0,2404997.story

7. June 9, U.S. Attorney’s Office, Eastern District of New York – (New York) Fund manager arrested and charged in $17 million Ponzi scheme. A St. James, New York fund manager was arrested and charged June 9 for allegedly running a $17 million Ponzi scheme that operated between January 2000 and June 2009 and raised funds from at least 74 investors. Source: http://www.fbi.gov/newyork/press-releases/2014/fund-manager-arrested-and-charged-in-17-million-ponzi-scheme

For another story, see item 27 below in the Information Technology Sector

Information Technology Sector

25. June 10, V3.co.uk – (International) Clandestine Fox hackers spreading malware via Facebook, Twitter and LinkedIn. FireEye researchers detected a new attack campaign by a group known as Clandestine Fox which uses malicious attachments in social media and email messages to spread malware. The attackers behind the campaign previously utilized a vulnerability that affected multiple versions of Internet Explorer before a patch was issued by Microsoft. Source: http://www.v3.co.uk/v3-uk/news/2349226/clandestine-fox-hackers-spreading-malware-via-facebook-twitter-and-linkedin

26. June 9, Threatpost – (International) ‘Red button’ attack could compromise some smart TVs. Researchers with Columbia University’s Network Security Lab reported that a vulnerability in the Hybrid Broadcast Broadband Television (HbbTV) feature in some smart TVs could allow attackers to steal personal information, access home networks, and perform denial of service (DoS) attacks by luring users to a compromised channel. Source: http://threatpost.com/red-button-attack-could-compromise-some-smart-tvs/106547

27. June 9, Securityweek – (International) Zeus malware control panel vulnerable: Websense. Websense researchers published information and a proof-of-concept that illustrate how the control panel for the Zeus banking trojan can be compromised by uploading a customized file to the command and control server. Source: http://www.securityweek.com/zeus-malware-control-panel-vulnerable-websense

28. June 9, Securityweek – (International) Majority of comment spam generated by small number of attackers: Imperva. Imperva released their June Hacker Intelligence Initiative report, which found that during the report’s 2-week survey period in September 2013, 28 percent of attack sources generated 80 percent of traffic associated with comment spam, among other findings. Source: http://www.securityweek.com/majority-comment-spam-generated-small-number-attackers-imperva

29. June 9, SC Magazine – (International) Possibly 350K ransomware infections, $70K earned, in Dropbox phishing scheme. Researchers with PhishMe found that an ongoing phishing campaign utilizing links to Dropbox may have infected almost 350,000 systems with the Cryptowall ransomware, bringing in over $70,000 in Bitcoins of ransom for the attackers. Source: http://www.scmagazine.com/possibly-350k-ransomware-infections-70k-earned-in-dropbox-phishing-scheme/article/353559/

For additional stories, see item 4 below from the Defense Industrial Base Sector and item 5 above in the Financial Services Sector

4. June 10, Securityweek – (International) Cyber spies targeting U.S. defense, tech firms linked to China’s PLA: Report. Researchers at CrowdStrike released a report on a cyberespionage group dubbed Putter Panda that has primarily targeted U.S., Japanese, and European aerospace, satellite, and communications industries and appears to be tied to the Chinese People’s Liberation Army’s Unit 61486. The group has been active since at least 2007 and mostly relies on custom malware that exploits vulnerabilities in popular software, according to the report. Source: http://www.securityweek.com/cyber-spies-targeting-us-defense-tech-firms-linked-chinas-pla-report

Communications Sector

See item 4 above from the Defense Industrial Base Sector