Wednesday, October 8, 2014



Complete DHS Report for October 8, 2014

Daily Report

Top Stories

 · Researchers identified a new banking trojan botnet known as Qbot or Qakbot that has infected 500,000 systems and stolen data from users including 800,000 online banking transactions. – The Register. See item 5 below in the Financial Services Sector.

 · A fire at the Grove Field Airport in Camas, Washington, caused more than $1 million in damage to 10-12 small aircraft and burned 12-14 hangars October 6. – KOIN 6 Portland

7. October 7, KOIN 6 Portland – (Washington) Grove Field Airport fire: Airplanes destroyed. A fire at the Grove Field Airport in Camas, Washington, caused more than $1 million in damage to 10-12 small aircraft and burned 12-14 hangars October 6. The cause of the fire is under investigation and the airport remained closed October 7. Source: http://koin.com/2014/10/06/2nd-alarm-fire-breaks-out-at-grove-field-airport/

 · Stores and restaurants at a Hillsdale, New Jersey, strip mall were closed indefinitely and officials marked the building as an unsafe structure October 6 after a dump truck crashed through pavement and into an underground garage beneath the strip mall October 3. – Bergen County Record

32. October 6, Bergen County Record – (New Jersey) Hillsdale strip mall still closed, days after dump truck crash. Stores and restaurants at a Hillsdale strip mall were closed indefinitely and officials marked the building as an unsafe structure October 6 after a dump truck crashed through pavement and into an underground garage beneath the strip mall October 3. No injuries were reported, and authorities cordoned off the entire strip mall while engineers continue to inspect the building for structural damage. Source: http://www.northjersey.com/news/hillsdale-strip-mall-still-closed-days-after-dump-truck-crash-1.1103697

 · Utility crews restored service to all businesses and homes in Waco, Texas, October 5 following strong storms October 1 that knocked out power and damaged several apartment and commercial buildings. – KWTX 10 Waco 

34. October 5, KWTX 10 Waco – (Texas) Power restored to most homes, businesses in Waco. Utility crews restored service to all businesses and homes in Waco October 5 following strong storms October 1 that downed trees and knocked out power to thousands of customers. Officials reported that the storm damaged 11 apartment buildings, 52 commercial and non-profit structures, and 1 church. Source: http://www.kwtx.com/home/headlines/Severe-Weather-Causes-Damage-Across-Central-Texas-277966301.html

Financial Services Sector

5. October 7, The Register – (International) Monster banking trojan botnet claims 500,000 victims. Researchers with Proofpoint identified a new banking trojan botnet known as Qbot or Qakbot that has infected 500,000 systems and stolen data from users including 800,000 online banking transactions, with 59 percent of the stolen sessions taken from accounts in major U.S. banks. The researchers found that the malware for the botnet was launched from compromised WordPress sites using drive-by download attacks. Source: http://www.theregister.co.uk/2014/10/07/monster_banking_trojan_botnet_claims_500000_victims/

6. October 7, NJ.com – (New Jersey; Florida) Defendants from Essex, Ocean counties convicted in $15M mortgage fraud scheme. Two siblings in New Jersey were found guilty October 6 for their roles in a $15 million mortgage fraud scheme that inflated the sales prices of distressed condos in Naples, Florida, and several locations in New Jersey and used straw buyers to defraud lending institutions. One of the siblings assisted the scheme while working as a title agent at Tri-State Title Agency while the other served as a straw buyer. Source: http://www.nj.com/essex/index.ssf/2014/10/brother_sister_from_essex_county_convicted_for_roles_in_15m_mortgage_fraud_scam.html

Information Technology Sector

24. October 7, Securityweek – (International) Bugzilla vulnerability exposes undisclosed bugs. The developers of the Bugzilla bug-tracking software released an update to address several security issues, including one reported by Check Point Software Technologies researchers that could allow an attacker to bypass the email validation process and potentially receive information on undisclosed security issues. Source: http://www.securityweek.com/bugzilla-vulnerability-exposes-undisclosed-bugs

25. October 7, Securityweek – (International) Yahoo! changes tune after saying servers were hacked by Shellshock. Yahoo reported October 6 that some recently compromised servers were breached not through the Shellshock vulnerability but through a bug in a parsing script used on some servers. Source: http://www.securityweek.com/yahoo-changes-tune-after-saying-servers-were-hacked-shellshock

26. October 6, Softpedia – (International) Trojans-SMS are top threat on Android, INTERPOL and Kaspersky say. Kaspersky Labs and INTERPOL released the results of a study of mobile security threats over a 1-year period and found that Android users were the most targeted by attackers, with SMS trojans accounting for 57.08 percent of all detections, among other findings. Source: http://news.softpedia.com/news/SMS-Trojans-Are-Top-Threat-on-Android-INTERPOL-and-Kaspersky-Say-461195.shtml

27. October 6, SC Magazine – (International) Bash bug payload downloads KAITEN DDoS malware source code. Trend Micro researchers detected a payload being delivered via attacks exploiting the Shellshock vulnerability that downloads the source code for the KAITEN distributed denial of service (DDoS) malware. Source: http://www.scmagazine.com/bash-bug-payload-downloads-kaiten-malware/article/375650/

For another story, see item 5 above in the Financial Services Sector

Communications Sector

28. October 6, Threatpost – (National) AT&T hit by insider breach. AT&T notified an undisclosed number of customers that a former employee may have illegally accessed their personal information, including Social Security numbers and driver’s license numbers, in August. Source: http://threatpost.com/att-hit-by-insider-breach/108705

29. October 6, Redmond Reporter – (Washington) Frontier restores all copper services in Redmond. Copper voice and broadband network services for Frontier Communications customers in Redmond were restored October 3 following a September 20 outage caused by copper and fiber cables that were inadvertently cut, which severely damaged Frontier’s network infrastructure. Source: http://www.redmond-reporter.com/news/278263221.html

For another story, see item 8 below from the Transportation Sector

8. October 6, Chicago Tribune – (National) Delays at O’Hare, Midway after Indianapolis FAA outage. Over 277 flights were delayed at Chicago’s O’Hare International Airport and Midway Airport October 6 due to a telephone outage at an Indianapolis air-traffic control facility. More than 100 flights at O’Hare International Airport were also cancelled due to the outage. Source: http://www.chicagotribune.com/news/local/breaking/chi-delays-at-ohare-midway-after-indianapolis-faa-outage-20141006-story.html