Thursday, April 9, 2015



Complete DHS Report for April 9, 2015

Daily Report

Top Stories

 · An April 7 power surge temporarily knocked out electricity to a number of Federal government buildings, museums, several Metro stations, restaurants, offices, and residences in Washington, D.C. and Maryland. – Washington Post

1. April 7, Washington Post – (Washington, D.C.; Maryland) Power surge knocks out electrical service in parts of D.C. region. An April 7 power surge that occurred when a Pepco transmission conductor in Mechanicsville, Maryland, broke free and fell to the ground, temporarily knocked out electricity to the White House, U.S. Department of State, U.S. Department of Justice, a number of other government buildings, museums, several Metro stations, restaurants, offices, and residences in Washington, D.C., and prompted the closure of the University of Maryland at College Park campus. Source: http://www.washingtonpost.com/local/scattered-power-outages-reported-across-dc-area/2015/04/07/8f4e8b84-dd49-11e4-a500-1c5bb1d8ff6a_story.html

 · All seven passengers were killed when an aircraft crashed about 2 miles from the Central Illinois Regional Airport in Bloomington April 7. – Associated Press

7. April 7, Associated Press – (Illinois) Small plane crashes after NCAA title game, killing ISU coach. The Federal Aviation Administration reported that a twin-engine aircraft traveling from Indianapolis crashed about 2 miles away from the Central Illinois Regional Airport in Bloomington April 7, killing all seven passengers on board. The National Transportation Safety Board is investigating the cause of the crash, and stated that the plane was cleared to land in fog and rain but apparently turned away from the approaching runway for an unknown reason before crashing. Source: http://www.nbc29.com/story/28738328/plane-returning-from-ncaa-game-crashes-in-illinois-7-dead

 · Fidelis reported that hackers have co-opted the AlienSpy remote access tool (RAT) and are spreading it via phishing messages to deliver the Citadel banking trojan and establish backdoors inside a number of critical infrastructure operations. – Threatpost See item 22 below in the Information Technology Sector


 · A report released by Trend Micro and the Organization of the American States revealed that in the last year 40 percent of 575 security leaders throughout critical infrastructure sectors had dealt with network shutdown attempts and 60 percent had faced hacking attempts aimed at stealing vital information, among other findings. – Securityweek See item 24 below in the Information Technology Sector

Financial Services Sector

3. April 7, Warwick Post – (Rhode Island) Troopers arrest Warwick man for embezzling $142K from manufacturer. Rhode Island State Police charged a Warwick man with embezzling $142,114.31 from United States Associates, LLC April 6 following allegations that the suspect was stealing and selling company inventory and keeping the proceeds for himself. An investigation found that the man was receiving checks from one of the company’s customers who had been ordering directly from him. Source: http://warwickpost.com/troopers-arrest-warwick-man-for-embezzling-142k-from-manufacturer/5876/

4. April 7, U.S. Securities and Exchange Commission – (California; Ohio) SEC charges L.A.-based Pacific West Capital Group with fraud in sale of life settlement investments. The U.S. Securities and Exchange Commission charged Los Angeles-based Pacific West Capital Group Inc., and its owner April 7 with fraud in the sale of life settlement investments for failing to disclose risks associated with the investments and for using the proceeds from the sale of new life settlements to continue funding previously sold investments, raising over $100 million from investors. Ohio-based PWCG Trust and five Pacific West sales agents were also charged in the scheme. Source: http://www.sec.gov/news/pressrelease/2015-60.html

5. April 7, WCBS 2 New York City; Associated Press – (New York) SEC files fraud charges against former Syracuse star, New York Giant player. The U.S. Securities and Exchange Commission filed civil fraud charges April 6 against a former National Football League player, his business partner, and Capital Financial Partners investment firms in connection with an alleged Ponzi scheme in which the pair paid approximately $7 million to investors out of investors’ money rather than out of profits from the investments, after paying out about $20 million to investors while receiving only around $13 million in loan repayments. The pair also misled investors about the terms and existence of loans and used some funds to cover personal expenses. Source: http://newyork.cbslocal.com/2015/04/07/former-syracuse-star-new-york-giant-will-allen-charged-with-running-ponzi-scheme/

For another story, see item 22 below in the Information Technology Sector

Information Technology Sector

21. April 8, Softpedia – (International) Stored XSS glitch in WP-Super-Cache may affect over 1 million WordPress sites. Security researchers from Sucuri discovered a stored cross-site scripting (XSS) vulnerability in WP-Super-Cache plugin versions prior to 1.4.4 for WordPress sites that could allow attackers to add new administrator accounts to the Web sites or inject backdoors due to improper sanitization of user-supplied input. The plugin currently has over 1 million active installations, and developers released a new version repairing the issue. Source: http://news.softpedia.com/news/Stored-XSS-Glitch-in-WP-Super-Cache-May-Affect-Over-1-Million-WordPress-Sites-477905.shtml

22. April 8, Threatpost – (International) New evasion techniques help AlienSpy RAT spread Citadel malware. Fidelis researchers reported that hackers have co-opted the AlienSpy remote access tool (RAT) and are spreading it via phishing messages to deliver the Citadel banking trojan and establish backdoors inside a number of critical infrastructure operations, including technology companies, financial institutions, government agencies, and energy companies. The tool has the capability to detect whether it is being executed inside a virtual machine, can disable antivirus and other security tools, and employs transport-layer security (TLS) encryption to protect communication with its command-and-control (C&C) server. Source: https://threatpost.com/new-evasion-techniques-help-alienspy-rat-spread-citadel-malware/112064

23. April 8, InfoWorld – (International) Widespread outages hit Windows 8/8.1 Metro Mail, Windows Live Mail, Windows Phone 8.1 mail. Microsoft reported that its Windows 8 and 8.1 Metro Mail, Windows Live Mail, and Windows Phone 8.1 Mail clients were experiencing widespread outages for at least 6 hours April 8 that prevented the syncing and sending of email, and that the issue is expected to be resolved within 24 hours. Source: http://www.networkworld.com/article/2907300/windows/widespread-outage-for-windows-8-8-1-metro-mail-windows-live-mail-windows-phone-8-1-mail.html

24. April 7, Securityweek – (International) Majority of critical infrastructure firms in Americas have battled hack attempts: Survey. A report released by Trend Micro and the Organization of the American States revealed that in the last year 40 percent of 575 security leaders throughout critical infrastructure sectors dealt with network shutdown attempts, while 44 percent faced attempts to delete files, and 60 percent faced hacking attempts aimed at stealing vital information. The survey also found that 54 percent of organizations dealt with attempts to manipulate equipment through control networks or systems. Source: http://www.securityweek.com/majority-critical-infrastructure-firms-americas-have-battled-hack-attempts-survey

25. April 7, Softpedia – (International) Fake downloads for Android vulnerability scanner lead to persistent ads. Security researchers at Trend Micro identified three fraudulent Web sites that claim to provide a tool to scan for previously-identified Android Installer hijacking vulnerabilities, which instead redirect users to risky locations that display persistent ads and install Android application package (APK) files on devices automatically. Source: http://news.softpedia.com/news/Fake-Downloads-for-Android-Vulnerability-Scanner-Lead-to-Persistent-Ads-477843.shtml

26. April 7, Securityweek – (International) Lazy remediation leaves most Global 2000 firms vulnerable after Heartbleed Flaw: Report. Venafi released new research revealing that as of April 2015, 74 percent of 1,642 Global 2000 organizations with public-facing systems vulnerable to the OpenSSL Heartbleed flaw had failed to fully remediate the risks around the flaw despite warnings and guidance. The study also found that 85 percent of the organizations’ external servers were still vulnerable and that 580,000 hosts belonging to them were not completely remediated. Source: http://www.securityweek.com/lazy-remediation-leaves-most-global-2000-firms-vulnerable-heartbleed-flaw-report

27. April 7, SC Magazine – (International) Drive-by-login attack identified and used in lieu of spear phishing campaigns. Security researchers at High-Tech Bridge reported that attackers are increasingly utilizing drive-by-login attacks, in which vulnerabilities on compromised Web sites are leveraged to install backdoors that deliver malware directly to specific targeted visitors. Researchers believe that these types of attacks are likely to be used in Advanced Persistent Threat (APT) campaigns and could eventually replace phishing attacks. Source: http://www.scmagazine.com/high-tech-bridge-identifies-new-attack-method-possibly-used-by-apts/article/407805/

28. April 7, Softpedia – (International) Simple FedEx email slips malware on the computer. Researchers discovered a FedEx phishing campaign that relies on the curiosity of victims to open an attachment in an email purportedly from the company which installs a malware dropper that can steal sensitive data from the system or add it to a network of compromised computers. Source: http://news.softpedia.com/news/Simple-FedEx-Email-Slips-Malware-on-the-Computer-477837.shtml

Communications Sector

29. April 7, KREM 2 Spokane – (Washington) $200,000 in damage done to Grant Co. cell tower site. Grant County authorities are investigating after Inland Cellular reported up to $200,000 in damage to a rural cellular phone site building near Stratford April 2 that was apparently struck by a vehicle on 3 sides of the structure. Electronic equipment housed inside the building was not damaged and cellular service was not interrupted during the incident. Source: http://www.krem.com/story/news/local/grant-county/2015/04/07/200k-in-damage-done-to-grant-co-cell-tower-site/25434199/

For another story, see item 23 above in the Information Technology Sector