Thursday, January 8, 2015



Complete DHS Report for January 8, 2015

Daily Report

Top Stories

 · A January 7 fire at an Appalachian Forest Products lumber plant in Mosheim, Tennessee, consumed 2 buildings and prompted the evacuation of 3 Greene County schools due to concerns of a chemical release. – WJHL 11 Johnson City

10. January 7, WJHL 11 Johnson City – (Tennessee) Crews battle fire at Mosheim lumber facility; nearby students bused to other schools. A January 7 fire at an Appalachian Forest Products lumber plant in Mosheim consumed two buildings and prompted a HAZMAT team response due to concerns of a chemical release caused by explosive chemicals at the wood chopping business. Three Greene County schools were evacuated and students were relocated to another school as a precaution while crews responded to the blaze. Source: http://www.wjhl.com/story/27780382/multiple-units-called-in-to-battle-fire-at-mosheim-lumber-company

 · A gunman died from a self-inflicted gunshot wound after fatally shooting a doctor at the El Paso VA Health Care System clinic in west Texas January 6. – USA Today

16. January 7, USA Today – (Texas) Gunman, one other dead after El Paso VA shooting. A gunman died from a self-inflicted gunshot wound after shooting and killing a doctor at the El Paso VA Health Care System clinic in west Texas January 6. Police secured the scene and the clinic will remain closed January 7. Source: http://www.usatoday.com/story/news/nation/2015/01/06/active-shooter-reported-at-el-paso-military-hospital/21358703/

 · Over 300 vehicle crashes, including 30 involving school buses, were reported in Virginia January 6 following a winter storm that dumped several inches of snow on untreated roads. – InsideNova.com

20. January 6, InsideNova.com – (Virginia) Dozens of school buses involved in crashes Tuesday morning. Over 300 vehicle crashes, including 30 involving school buses, were reported in Virginia January 6 following a winter storm that dumped several inches of snow on untreated roads. A number of counties also cancelled classes or issued delays for students. Source: http://www.insidenova.com/headlines/major-school-districts-open-on-time-during-snow-lawmaker-calls/article_204ac052-95b6-11e4-8dd9-73640a723ffc.html

 · Authorities are investigating after an improvised explosive device detonated against the building that houses the office for the Colorado Springs, Colorado chapter of the National Association for the Advancement of Colored People (NAACP) January 6. – Denver Post

27. January 7, Denver Post – (Colorado) "Improvised explosive device" set off near Colorado Springs NAACP office. Authorities are investigating after an improvised explosive device detonated against the building that houses the office for the Colorado Springs chapter of the National Association for the Advancement of Colored People (NAACP) January 6. Police are searching for a potential person of interest and are examining evidence from the scene. Source: http://www.denverpost.com/news/ci_27267521/colorado-springs-police-responding-explosion-reports-at-naacp

Financial Services Sector

4. January 7, Newnan Times-Herald – (Georgia) Forged gift card arrest made in Grantville. Police in Grantville arrested a man after a search during a traffic stop yielded 210 fraudulent gift cards and other items January 4. Police believe that there may be a connection between the man and three others arrested the week of December 28 due to the same types of forged cards and cartons of cigarettes in their possession. Source: http://www.times-herald.com/Local/20140107-forged-gift-card-arrest

5. January 7, Securityweek – (International) New Emotet variant targets banking credentials of German speakers. Researchers with Microsoft identified a new variant of the Emotet banking malware dubbed Trojan:Win32/Emotet.C which was first seen in November and currently targets German-speaking individuals in several European countries. The malware is capable of stealing online banking login information as well as login information for email and messaging services. Source: http://www.securityweek.com/new-emotet-variant-targets-banking-credentials-german-speakers

6. January 6, Krebs on Security – (International) Thieves jackpot ATMs with ‘Black Box’ attack. Researchers with NCR analyzed an attack on an ATM utilizing USB devices and physical access to disconnect an ATM from its computer and issue remote commands to the cash dispenser. The attack used a smartphone to issue commands from a remote attacker through a dynamic IP service, and a second USB device designed to trick the ATM into thinking it was still connected to its original computer. Source: https://krebsonsecurity.com/2015/01/thieves-jackpot-atms-with-black-box-attack/

Information Technology Sector

21. January 7, Help Net Security – (International) HuffPo visitors targeted with malvertising, infected with ransomware. Cyphort Lab researchers identified a malvertising campaign that placed malicious ads on the Web sites of the Huffington Post and Gamezone.com by abusing the advertising.com ad network. The campaign began December 31 and used the Neutrino or Sweet Orange exploit kits to attempt to serve the Kovter ransomware. Source: http://www.net-security.org/malware_news.php?id=2936

22. January 7, Securityweek – (International) CryptoWall 2.0 ransomware capable of executing 64-bit code: Cisco. Researchers with Cisco’s Talos Group published an analysis of the CryptoWall 2.0 ransomware and found that it contains several anti-sandbox and anti-security features, as well as the ability to run 64-bit code from a 32-bit dropper, among other findings. Source: http://www.securityweek.com/cryptowall-20-ransomware-capable-executing-64-bit-code-cisco

23. January 6, Securityweek – (International) Wi-Fi password phishing attacks automated with new tool. A researcher released a tool dubbed Wifiphisher that can automate WiFi network password phishing by deauthenticating users, setting up a matching rogue access point using the target’s settings, and the performing a man-in-the-middle (MitM) attack using a fake firmware update notification. Source: http://www.securityweek.com/wi-fi-password-phishing-attacks-automated-new-tool

24. January 6, Softpedia – (International) Microsoft warns of malicious macros targeting users in the UK and the US. Microsoft stated that it has observed two pieces of malware being spread via malicious emails that attempts to get users to enable macros in Microsoft Office programs in order to infect computers. The campaigns attempt to distribute the Adnel and Tarbir malware and have primarily targeted users in the U.S. and U.K. Source: http://news.softpedia.com/news/Microsoft-Warns-of-Malicious-Macros-Targeting-Users-in-the-UK-and-the-US-469139.shtml

For another story, see item 5 above in the Financial Services Sector

Communications Sector

25. January 6, iFIBER ONE News – (Washington) Wilson Creek lost phone service after rodents chewed through line. CenturyLink reported that 222 lines were cut and 9-1-1 service in Wilson Creek was lost January 5 due to rodents chewing on fiber optic cable. Service was restored January 6. Source: http://www.ifiberone.com/news/wilson-creek-lost-phone-service-after-rodents-chewed-through-line/article_06a548ea-95e1-11e4-b46d-9f5a33d0ce5d.html

26. January 6, WKRK 1320 AM Murphy – (North Carolina) Copper thieves to blame for recent telephone interruption. Copper cables were stolen from Frontier Communications in Nantahala January 2 and Needmore December 30, disrupting communication services. Frontier Communications is working with law enforcement and scrap metal dealers to identify the culprits. Source: http://www.1320am.com/copper-thieves-to-blame-for-recent-telephone-interruption/