Thursday, February 19, 2015



Complete DHS Report for February 19, 2015

Daily Report

Top Stories
 
 · A Russian national was charged February 17 in the U.S. for his alleged involvement in a scheme that stole more than 160 million credit card numbers resulting in hundreds of millions of dollars in losses to consumers and financial institutions. – Tribune Washington Bureau See item 4 below in the Financial Services Sector

· Snow removal operations in Boston continued February 18 after a series of winter storms that added additional delays and cancellations to the State’s transit system. – Boston Globe

8. February 17, Boston Globe – (Massachusetts) Cancellations, delays stack up on commuter rail. Full-scale snow removal operations in Boston continued and a parking ban in the city was expected to be lifted February 18 after the latest of a series of winter storms dumped snow that added additional delays and cancellations to the Massachusetts Bay Transportation Authority’s (MBTA) transit system, which was already providing limited service. An MBTA representative warned that it could take up to 30 days to restore full service on the public transit system. Source: https://www.bostonglobe.com/metro/2015/02/17/mbta-commuters-face-hurdles-workweek-resumes/onVl30TkQBpbP9tYSCGqrN/story.html

· A state of emergency was declared in Tennessee February 16 due to deteriorating road conditions and major traffic issues caused by a winter storm that swept across the State. – Nashville Tennessean

10. February 17, Nashville Tennessean – (Tennessee) Tennessee declares state of emergency as roads deteriorate. A state of emergency was declared in Tennessee February 16 due to deteriorating road conditions and major traffic issues caused by a winter storm that swept across the State. The Tennessee Emergency Management Agency activated its emergency management plan and the Tennessee National Guard deployed to several counties to aid with interstate crashes and perform motorist wellness checks. Source: http://www.tennessean.com/story/news/2015/02/16/tennessee-declares-state-emergency-roads-deteriorate/23534741/

· Researchers reported that a cyber-espionage group has used spear-phishing and other techniques to deliver two backdoors through 100 malware samples to infect Windows PCs and Android devices of targets based in several countries. – Securityweek See item 31 below in the Information Technology Sector

Financial Services Sector

4. February 18, Tribune Washington Bureau – (International) Accused Russian hacker to face charges in US court. A Russian national was extradited to the U.S. and charged February 17 in New Jersey for his alleged involvement in an international scheme that stole more than 160 million credit card numbers resulting in hundreds of millions of dollars in losses to consumers and financial institutions including Dow Jones, 7-Eleven, Nasdaq, Visa, and JetBlue. The suspect, arrested in the Netherlands in 2012, allegedly hacked victims’ networks to gain access to usernames and passwords, credit card and personally identifiable information, and sold them to resellers around the world. Source: http://www.msn.com/en-us/news/crime/accused-russian-hacker-to-face-charges-in-us-court/ar-BBhHvhz

5. February 17, Kingston Daily Freeman – (New York) Fire badly damages Key Bank branch in Phoenicia; vault contents, customer records OK. The Key Bank branch in Phoenicia, New York, issued a statement that all client information and vault contents were secure February 17 after a February 16 fire caused extensive damage to the structure. The cause of the fire remains under investigation, and the bank is closed indefinitely until officials can repair the damage. Source: http://www.dailyfreeman.com/general-news/20150217/fire-badly-damages-key-bank-branch-in-phoenicia-vault-contents-customer-records-ok

6. February 17, Softpedia – (International) Vawtrak trojan downloaded via malicious macro for Microsoft Word. Trend Micro security researchers discovered a new cyber criminal campaign targeting banks including Bank of America, Barclays, Citibank, HSBC, Lloyds Bank, and J.P. Morgan with emails containing malicious macro-enabling Microsoft Word documents that install the Vawtrak banking trojan by downloading a batch file, a Visual Basic Scripting Edition (VBS) script, and a PowerShell file. The malware serves clients modified pages to trick them into providing login data for Microsoft Outlook, Google Chrome, Mozilla Firefox, and file transfer protocol (FTP) clients. Source: http://news.softpedia.com/news/Vawtrak-Trojan-Downloaded-Via-Malicious-Macro-for-Microsoft-Word-473438.shtml

7. February 16, Help Net Security – (International) Banking trojan Dyreza sends 30,000 malicious emails in one day. Bitdefender security researchers discovered that 30,000 malicious emails containing the banking trojan Dyreza were sent in one day to customers of banks including HSBC, NatWest, Barclays, RBS, Lloyds Bank, and Santander from servers in the U.K., France, Turkey, Russia, and the U.S. The trojan allows hackers to covertly steal credentials and manipulate accounts. Source: http://www.net-security.org/malware_news.php?id=2964

For another story, see item 28 below in the Information Technology Sector

Information Technology Sector

27. February 18, Softpedia – (International) Author of Android Xbot malware includes curse at AV companies. Avast security researchers discovered that the Xbot Android malware infected over 2,570 installations in 350 unique files through third-party marketplaces since the beginning of February. The malware persistently runs on infected devices, has the capability to download content to command and control (C&C) servers, and primarily focuses on capturing, reading, and writing short text messages. Source: http://news.softpedia.com/news/Author-of-Android-Xbot-Malware-Includes-Curse-At-AV-Companies-473509.shtml

28. February 18, Help Net Security – (International) Credit card info stolen in BigFish Games site compromise. BigFish Games reported that the personal and financial information of some of its customers who made purchases between December 24, 2014 and January 8 may have been compromised after the company discovered malware installed on the billing and payment pages of its Web site January 12. Affected customers were notified of the breach February 11, and the company removed the malware and has taken steps to prevent the malware from being reinstalled. Source: http://www.net-security.org/secworld.php?id=17964

29. February 17, Softpedia – (International) Siemens fixes security flaws in Simatic Step 7 (TIA Portal). Siemens patched two minor and two more severe vulnerabilities due to glitches in Simatic Step 7 that allowed hackers to possibly learn user passwords, escalate privileges, or hijack and intercept industrial communication on TCP port 102. Source: http://news.softpedia.com/news/Siemens-Fixes-Security-Flaws-in-Simatic-Step-7-TIA-Portal-473410.shtml

30. February 17, Help Net Security – (International) Flaw in Netgear Wi-Fi routers exposes admin password, WLAN details. A network engineer discovered and notified Netgear support that certain versions of the brand’s WNDR3700v4, WNR2200, and WNR2500 home wireless routers contain a vulnerability in the embedded simple object access protocol (SOAP) service that could allow unauthenticated remote and locally-connected attackers to obtain the administrator password, device serial number, WLAN details, and various information related to clients connected to the device. Source: http://www.net-security.org/secworld.php?id=17959

31. February 17, Securityweek – (International) Arabic threat group attacking thousands of victims globally. Kaspersky Lab security researchers reported that “Desert Falcons,” the first known full-scale Arabic cyber-espionage group, has used spear-phishing and social engineering techniques to deliver two backdoors through 100 malware samples to infect Windows PCs and Android devices of targets based in Egypt, Palestine, Israel, Jordan, the U.S., and other countries for at least 2 years. The malware has full-backdoor capability as well as the capability to steal call and SMS logs in Android versions, and attackers have targeted victims from political, military, government individuals and organizations, media outlets, energy and utility providers, physical security companies, and others holding geopolitical information. Source: http://www.securityweek.com/arabic-threat-group-attacking-thousands-victims-globally

For additional stories, see items 4, 6, and 7 above in the Financial Services Sector

Communications Sector

32. February 17, Fierce Wireless – (National) T-Mobile recovers from service disruptions in the Northeast. T-Mobile service in the Northeast region of the U.S. was restored after several hours February 13 following a network disruption that resulted in intermittent service, loss of high-speed data reception, and loss of the ability to make voice calls. The cause of the outage was not disclosed. Source: http://www.fiercewireless.com/story/t-mobile-recovers-service-disruptions-northeast/2015-02-17

For another story, see item 31 above in the Information Technology Sector