Friday, October 17, 2014



Complete DHS Report for October 17, 2014

Daily Report

Top Stories

 · Researchers identified a spam campaign dubbed “Wolf of Wall Street” that uses botnets to send out emails encouraging penny stock investors to purchase stocks of Canada-based Confederation Minerals Ltd., which has resulted in the transaction volume of the company increasing to 1,620,000 shares from 10,000 shares within 3 days. – Softpedia (See item 3 below in the Financial Services Sector)

 · Three Texas schools and two Ohio schools were closed October 16 due to health concerns after a number of students and staff members traveled on an October 13 flight with a patient who tested positive for Ebola. – WFAA 8 Dallas; WKYC 3 Cleveland 

17. October 16, WFAA 8 Dallas; WKYC 3 Cleveland – (Ohio; Texas) Schools in Ohio, Texas close amid Ebola scare. Three Central Texas schools and two Ohio schools were closed October 16 as a precaution due to health concerns after a number of students and staff members traveled on an October 13 flight with a patient who tested positive for Ebola. The schools and buses are undergoing thorough disinfecting and cleaning while the students and staff were isolated for monitoring. Source: http://www.wtsp.com/story/news/health/2014/10/16/belton-students-class-canceled-ebola/17344401/

 · Two sergeants and a suspect were injured in a shooting spree that stretched across three Snohomish County, Washington cities October 15 targeting police officers, patrol cars, and police stations. – KIRO 7 Seattle 

23. October 16, KIRO 7 Seattle – (Washington) Snohomish County shooting spree targets police, two sergeants injured. Two sergeants and a suspect were injured in a shooting spree that stretched across three Snohomish County cities October 15 targeting police officers, patrol cars, and police stations. The suspect and a sergeant from the Marysville Police Department exchanged gunfire before the suspect surrendered after shooting several rounds into patrol cars, the Granite Falls Police Station, and the Lake Stevens Police Department. Source: http://www.kirotv.com/news/news/snohomish-county-shooting-spree-targets-police-inj/nhkLk/

 · A group of security and IT firms began a campaign to detect and remediate malware installations belonging to a cyberespionage campaign targeting governments, financial services institutions, and the education sector since 2010. – The Register (See item 26)

26. October 15, The Register – (International) FireEye, Microsoft, Cisco team up to take down RAT-flinging crew. A group of security and IT firms led by Novetta began a coordinated campaign to detect and remediate malware installations belonging to a cyberespionage campaign targeting policy groups, governments, financial services institutions, the education sector, and think tanks since 2010. The cyberespionage group uses several tools including Moudoor, a derivative of the Gh0st RAT remote access trojan, and the Hikit malware used to control compromised systems. Source: http://www.theregister.co.uk/2014/10/15/china_cyberespionage_takedown_by_microsoft_cisco/

Financial Services Sector

3. October 16, Softpedia – (International) Botnets used in “Wolf of Wall Street” spam campaign. Researchers with Bitdefender identified a spam campaign dubbed “Wolf of Wall Street” that uses botnets to send out promotional emails encouraging penny stock investors to purchase stocks of Canada-based Confederation Minerals Ltd., which has resulted in the transaction volume of the company increasing to 1,620,000 shares from 10,000 shares within 3 days. The spam campaign is the largest recorded in 2014 and the attackers behind it stand to profit by selling stocks after inflating the prices. Source: http://news.softpedia.com/news/Botnets-Used-In-Wolf-of-Wall-Street-Spam-Campaign-462308.shtml

4. October 15, U.S. Attorney’s Office, District of New Jersey – (New Jersey) Middlesex, N.J., woman pleads guilty to conspiring to defraud the U.S. Treasury Department of nearly $1 million. A Middlesex, New Jersey woman pleaded guilty October 15 to conspiring with others to obtain and cash stolen income tax refund checks, defrauding the U.S. Department of the Treasury of approximately $940,000. A co-conspirator who worked as a head teller at a Perth Amboy bank previously pleaded guilty to her role in the fraud. Source: http://www.justice.gov/usao/nj/Press/files/Valerio,%20Rosemary%20Plea%20PR.html

For additional stories, see item 26 above in Top Stories and item 32 below from the Commercial Facilities Sector

32. October 15, Softpedia – (International) Cyberswim announces data breach lasting for more than three months. Cyberswim Inc. notified customers who made purchases on its Web site between May 12 and August 28 that their personal information, including payment card data, may have been compromised after officials confirmed that malicious software was installed on the company’s network, granting attackers access to the data. Cyberswim updated its Web site code and issued a password reset command to block the intruders’ access to the network. Source: http://news.softpedia.com/news/Cyberswim-Announces-Data-Breach-Lasting-For-More-Than-Three-Months-462237.shtml

Information Technology Sector

24. October 16, Securityweek – (International) Attackers abuse UPnP devices in DDoS attacks, Akamai warns. Researchers at Akamai Technologies reported that attackers have increasingly used the Simple Service Discovery Protocol (SSDP) that comes enabled on Universal Plug and Play (UPnP) devices to launch reflection and amplification distributed denial of service (DDoS) attacks starting in July. The researchers found that 4.1 million Internet-facing devices could be used in this type of DDoS attack. Source: http://www.securityweek.com/attackers-abuse-upnp-devices-ddos-attacks-akamai-warns

25. October 16, Help Net Security – (International) New OpenSSL updates fix POODLE, DoS bugs. The OpenSSL Project released updates to OpenSSL that close four serious vulnerabilities, including the POODLE issue and two memory leak issues that could be used to launch denial of service (DoS) attacks against servers. Source: http://www.net-security.org/secworld.php?id=17503

26. October 15, The Register – (International) FireEye, Microsoft, Cisco team up to take down RAT-flinging crew. A group of security and IT firms led by Novetta began a coordinated campaign to detect and remediate malware installations belonging to a cyberespionage campaign targeting policy groups, governments, financial services institutions, the education sector, and think tanks since 2010. The cyberespionage group uses several tools including Moudoor, a derivative of the Gh0st RAT remote access trojan, and the Hikit malware used to control compromised systems. Source: http://www.theregister.co.uk/2014/10/15/china_cyberespionage_takedown_by_microsoft_cisco/

27. October 15, Threatpost – (International) Drupal fixes highly critical SQL injection flaw. Drupal issued a patch for its popular content management system (CMS) that closes a critical SQL injection vulnerability affecting version 7.x. The vulnerability could allow an unauthenticated user to perform arbitrary SQL execution and all users were advised to update their installations as soon as possible. Source: http://threatpost.com/drupal-fixes-highly-critical-sql-injection-flaw/108861

For another story, see item 3 above in the Financial Services Sector

Communications Sector

28. October 15, WJAC 6 Johnstown – (Pennsylvania) Power outage shuts down 911 service in Elk County. A damaged fiber optic cable disrupted landline service for hundreds of customers in Elk County for several hours October 15 before crews were able to restore service. Source: http://www.wjactv.com/news/features/top-stories/stories/power-outage-shuts-down-911-service-elk-county-3965.shtml