Wednesday, May 6, 2015



Complete DHS Report for May 6, 2015

Daily Report

Top Stories

 · The Youngstown, Ohio wastewater treatment plant was evacuated May 4 when liquid chlorine began leaking from a pipe as workers were trying to switch one-ton tanks of the chemical, causing a loss of about 500 pounds of the substance. – WKBN 27 Youngstown

13. May 4, WKBN 27 Youngstown – (Ohio) Chlorine leak stopped at Youngstown wastewater plant. The Youngstown wastewater treatment plant in Ohio was evacuated May 4 when liquid chlorine began leaking from a pipe as workers were trying to switch one-ton tanks of the chemical, causing a loss of about 500 pounds of the substance. Residents near the facility were ordered to shelter-in-place while crews remained in the building until the liquid chlorine warmed up and dissipated after it froze into large puddles on the floor instead of evaporating into the air. Source: http://wkbn.com/2015/05/04/chlorine-leak-causes-evacuation-at-youngstown-water-plant/

 · A water line rupture forced 13 schools in Donna, Texas, to close May 4 after water was shut off to schools in the district while crews worked to repair the break. – McAllen Monitor

16. May 4, McAllen Monitor – (Texas) Boil water notice in effect for Donna after water line break. A water line rupture forced 13 schools in Donna, Texas, to close May 4 after water was shut off to the schools in the district while crews worked to repair the break. The city was issued a boil water advisory until further notice due to low water pressure. Source: http://www.themonitor.com/news/local/water-line-break-forces-several-donna-schools-to-close-for/article_551858ec-f26f-11e4-8e18-7381ac34f76d.html

 · Operations at the Beltsville, Maryland fire station were moved to a neighboring station indefinitely after the station was closed when 300 gallons of kitchen waste was discovered May 1 due to a broken sewage pipe. – WUSA 9 Washington, D.C.

20. May 4, WUSA 9 Washington, D.C. – (Maryland) 300 gallons of sewage closes Beltsville fire station. Personnel and operations at the Beltsville fire station in Maryland were moved to the Calvert Station indefinitely after the station was closed when 300 gallons of kitchen waste was discovered underneath the kitchen floor May 1 due to a broken sewage pipe. Officials reported that repairs were underway. Source: http://www.wusa9.com/story/news/local/maryland/2015/05/04/sewage-leak-beltsville-fire-house/26867425/

 · A May 4 fire at a strip shopping center in Hollywood, Florida, destroyed three businesses and damaged two others, while smoke filled about six additional businesses that were safely evacuated. – South Florida Sun-Sentinel

26. May 5, South Florida Sun-Sentinel – (Florida) Fire rips through Hollywood shopping center, destroys three businesses. A May 4 fire at a strip shopping center in Hollywood, Florida, destroyed three businesses and damaged two others, while smoke filled about six additional businesses that were safely evacuated. Firefighters remained at the scene May 5 to extinguish hot spots, while officials launched an investigation into the cause of the blaze. Source: http://www.sun-sentinel.com/local/broward/hollywood/fl-hollywood-plaza-fire-20150504-story.html

Financial Services Sector

4. May 4, KMGH 7 Denver – (Colorado) Longhorn Bandit strikes again: Suspect robs credit union in Broomfield; 9th target, FBI says. Denver authorities are searching for a suspect dubbed the “Longhorn Bandit” who is allegedly responsible for six bank robberies, one casing, and two attempted robberies in the area since February. The suspect’s most recent robbery included a Public Service Credit Union branch in Broomfield May 4. Source: http://www.thedenverchannel.com/news/local-news/longhorn-bandit-strikes-again-suspect-robs-credit-union-in-broomfield-9th-target-fbi-says05042015

For another story, see item 24 below in the Information Technology Sector

Information Technology Sector

22. May 5, Help Net Security – (International) New AlphaCrypt ransomware delivered via Angler EK. Security researchers at Webroot and Rackspace discovered and determined that a new form of ransomware resembling TeslaCrypt and CryptoWall, dubbed AlphaCrypt, is being delivered via the Angler exploit kit (EK). Researchers stated that it differs from other ransomware variants by deleting volume snapshot services (VSS) and executing quietly in background processes to avoid detection. Source: http://www.net-security.org/malware_news.php?id=3033

23. May 5, Help Net Security – (International) New infostealer tries to foil analysis attempts by wiping hard drive. Security researchers from Cisco discovered a new information-stealing trojan dubbed Romberik, which is being delivered via spoofed emails purporting to be from the “Windows Corporation,” and hooks into users’ browsers to read credentials and other sensitive information for exfiltration to an attacker-controlled server. If the trojan detects an analysis attempt, it attempts to destroy the affected computer’s hard disk by overwriting the system’s master boot record (MBR). Source: http://www.net-security.org/malware_news.php?id=3032

24. May 5, IDG News Service – (International) Cybercriminals borrow from APT playbook in attack against PoS vendors. Security researchers at RSA and FireEye reported cybercriminals began mimicking cyberespionage advanced persistent threat (APT) groups by deploying spear-phishing campaigns designed to infect point-of-sale PoS payment systems. The attacks delivered the Vawtrak banking trojan and a new document-based exploit kit (EK) called Microsoft Word Intruder (MWI). Source: http://www.networkworld.com/article/2918733/cybercriminals-borrow-from-apt-playbook-in-attack-against-pos-vendors.html#tk.rss_all

25. May 5, Help Net Security – (International) Crimeware infects one-third of computers worldwide. The Anti-Phishing Working Group (APWG) reported that 23.5 million malware variants were detected in the fourth quarter of 2014, setting a new record that was up 59 percent from the second quarter of 2014. According to researchers, the retail/service industry was the most targeted sector, specifically through payment services. Source: http://www.net-security.org/secworld.php?id=18346

Communications Sector

Nothing to report