Thursday, June 25, 2015




Complete DHS Report for June 25, 2015

Daily Report

Top Stories

 • Severe weather June 23 caused 200,000 power outages in New Jersey, 160,000 in Pennsylvania, 22,700 in Delaware and 20,000 in Connecticut. – NBC News

1. June 24, NBC News – (National) Northeast storms knock out power to hundreds of thousands. Severe weather June 23 caused 200,000 power outages in New Jersey, 160,000 in Pennsylvania, 22,700 in Delaware and 20,000 in Connecticut. The heavy storms also caused a total of 1,000 flight cancellations and 4,000 delays at Boston, New York, Philadelphia and Washington, D.C. airports. Source: http://www.nbcnews.com/news/weather/northeast-storms-knock-out-power-hundreds-thousands-ground-flights-n380751

 • A U.S. and Canadian dual-citizen was arrested June 23 on charges surrounding alleged securities fraud and money laundering conspiracies that generated $300 million in illegal profits. – Reuters. See item 9 below in the Financial Services Sector.

 • German authorities extradited a Turkish suspect to the U.S. June 23 on charges that he allegedly organized a complex bank heist of $40 million in cash from ATMs in New York and in 23 other countries in February 2013. – Bloomberg. See item 13 below in the Financial Services Sector.

 • The U.S. Office of Personnel Management’s director announced in a Congressional hearing June 24 that the estimated cost for recent data breaches targeting the agency could exceed $19 million. – Christian Science Monitor

26. June 23, Christian Science Monitor – (National) Price tag for OPM breach at least $19 million. The U.S. Office of Personnel Management’s director announced in a Congressional hearing June 24 the estimated cost for recent data breaches targeting the agency could exceed $19 million. The cost covers informing victims of the breach as well as credit monitoring services. Source: http://www.csmonitor.com/World/Passcode/2015/0623/Price-tag-for-OPM-breach-at-least-19-million

Financial Services Sector

9. June 23, Reuters – (National) U.S.-Canadian man charged for Cynk trades, $300 mln fraud. A U.S. and Canadian dual-citizen was arrested June 23 on charges surrounding alleged securities fraud and money laundering conspiracies that generated $300 million in illegal profits, including a pump-and-dump scheme that inflated the market value of Cynk Technology Corp to over $6 billion. The U.S. Securities and Exchange Commission filed related civil charges against the suspect. Source: http://www.reuters.com/article/2015/06/23/usa-crime-mulholland-fraud-idUSL1N0Z92FI20150623

10. June 23, WPLG 10 Miami – (International) Suspect dubbed ‘Lucky Bandit’ bank robber arrested. FBI officials reported that the suspect dubbed the “Lucky Bandit” was arrested June 23 in connection with a robbery of a Wells Fargo bank and an attempted robbery of a Citibank branch in Pembroke Pines in April. The suspect is believed to be connected to 8 bank robberies since October 2014. Source: http://www.local10.com/news/serial-bank-robber-arrested/33740676

11. June 23, U.S. Securities and Exchange Commission – (International) SEC charges unregistered brokers in EB-5 Immigrant Investor Program. The U.S. Securities and Exchange Commission charged Florida-based Ireeco LLC and its Hong Kong-based successor June 23 with allegedly illegally brokering over $79 million worth of investments by foreigners seeking U.S. residency in the U.S. Citizenship and Immigration Service’s EB-5 Immigrant Investor Program. The firms agreed to be censured and to cease and desist from similar violations in the future. Source: http://www.sec.gov/news/pressrelease/2015-127.html

12. June 23, Dark Reading – (International) Banks targeted by hackers three times more than other sectors. Raytheon and Websense released findings from a study on their customers revealing that financial services organizations, many of which are U.S. firms, are targeted three times more by cybercriminals than any other industry, and that these attacks are primarily utilizing the Rerdom, Vawtrack, and Geodo malware families, among other findings. Source: http://www.darkreading.com/attacks-breaches/banks-targeted-by-hackers-three-times-more-than-other-sectors/d/d-id/1321016

13. June 23, Bloomberg – (International) Most-wanted cybercriminal extradited to U.S. from Germany. German authorities extradited a Turkish suspect, who is considered to be one of the world’s most wanted cybercriminals, to the U.S. June 23 on charges that he allegedly organized a complex bank heist of $40 million in cash from ATMs in New York and in 23 other countries in February 2013. The suspect also reportedly stole $19 million through 25,700 ATM transactions in 20 countries from 2011 – 2012. Source: http://www.bloomberg.com/politics/articles/2015-06-23/turkish-man-accused-in-global-atm-heist-extradited-to-u-s-

14. June 22, U.S. Attorney’s Office, Eastern District of Pennsylvania – (National) RICO conspiracy charged in payday lending case. A Jenkintown, Pennsylvania man was charged in an indictment unsealed June 22 with participation in a racketeering conspiracy for allegedly operating a payday lending business that violated numerous State usury laws and reaped millions of dollars from illegal fees, and for allegedly helping his sons in a multi-million-dollar telemarketing scam that victimized over 70,000 people nationwide. Source: https://www.fbi.gov/philadelphia/press-releases/2015/rico-conspiracy-charged-in-payday-lending-case

For another story, see item 28 below in the Information Technology Sector

Information Technology Sector

28. June 24, Softpedia – (International) Dyre banking malware uses 285 command and control servers. Security researchers from Symantec released a report revealing that multiple groups are running at least 285 command and control (C&C) servers as well as 44 machines to deliver payloads and execute man-in-the-browser (MitB) attacks. The servers are located worldwide, primarily in Ukraine and Russia, and are primarily targeting financial organizations in the U.S. and United Kingdom. Source: http://news.softpedia.com/news/dyre-banking-malware-uses-285-command-and-control-servers-485119.shtml

29. June 24, The Register – (International) Feds count Cryptowall cost: $18 million says FBI. The FBI reported that the U.S. Internet Crime Complaints Commission (IC3) received 992 complaints associated with the CryptoWall ransomware resulting in U.S. user and business losses of over $18 million from April 2014 – June 2015. Source: http://www.theregister.co.uk/2015/06/24/feds_count_cryptowall_cost_18_million_says_fbi/

30. June 23, Softpedia – (International) Flash Player zero-day used by Chinese Cyber-Espionage group. Security researchers from FireEye discovered that the APT3 advanced threat group is currently exploiting a zero-day Adobe Flash Player heap buffer overflow vulnerability patched by Adobe June 23. The group’s latest campaign was dubbed Operation Clandestine Wolf, and they generally target organizations from the aerospace and defense, construction and engineering, technology, telecommunications, and transportation industries. Source: http://news.softpedia.com/news/flash-player-zero-day-used-by-chinese-cyber-espionage-group-485077.shtml

31. June 23, Softpedia – (International) Cheap radio device can steal decryption keys from nearby laptop. Researchers from Israel created a palm-sized radio device that can capture decryption keys from laptops just a few feet away by intercepting bit patterns in electromagnetic emanations from the targeted machine’s central processing unit (CPU). The device can be built for about $300 from readily available components, and was able to extract decryption keys within seconds. Source: http://news.softpedia.com/news/cheap-radio-device-can-steal-decryption-keys-from-nearby-laptop-485065.shtml

32. June 23, SC Magazine – (International) Targeted attacks rise, cyber attackers spreading through networks, report says. Vectra Networks released findings from its Post-Intrusion Report of 40 customer and prospect networks revealing that non-linear growth in lateral movement of attacks increased 580 percent from 2014, that reconnaissance detections were up 270 percent, and that overall detections increased 97 percent. Vectra attributed the large uptick in detections partly to the increased accessibility of hacker tools. Source: http://www.scmagazine.com/once-in-attackers-spread-out-through-networks-research-shows/article/422382/2/

33. June 23, Dark Reading – (International) Government, Healthcare particularly lackluster in application security. Veracode released findings from its State of Software Security Report revealing that government agencies and healthcare organizations performed the worst in industry-specific software security metrics due to issues such as slow rates in addressing identified flaws and cryptographic vulnerabilities from weak algorithms, while all industries struggled with software supply chain issues, among other findings. Source: http://www.darkreading.com/application-security/government-healthcare-particularly-lackluster-in-application-security/d/d-id/1321002

34. June 23, Threatpost – (International) TCP vulnerability haunts Wind River VxWorks embedded OS. Security researchers at Georgia Tech discovered a transmission control protocol (TCP) prediction vulnerability in Wind River’s VxWorks embedded operating system (OS) used in a large number of industrial control system (ICS) products in which an attacker can leverage a predictable TCP initial sequence to spoof or disrupt connections to and from target devices. Source: https://threatpost.com/tcp-vulnerability-haunts-wind-river-vxworks-embedded-os/113429

35. June 23, Softpedia – (International) Adobe fixes Flash Player zero-day exploited in the wild. Adobe released an emergency update for its Flash Player software addressing a heap buffer overflow vulnerability that is being exploited in the wild in which an attacker could execute arbitrary code and take control of an affected system, possibly funneling in malware via drive-by download attacks. Source: http://news.softpedia.com/news/adobe-fixes-flash-player-zero-day-exploited-in-the-wild-485066.shtml

For additional stories, see items 12 and 13 above in the Financial Services Sector

Communications Sector

36. June 23, Surf City SandPaper – (New Jersey) Hours-long Comcast outage due to software issue, now resolved. Internet, cable, and phone services were restored to Comcast customers in northern and central New Jersey June 23 after the system went down due to a software issue that caused an outage for several hours. Source: http://thesandpaper.villagesoup.com/p/hours-long-comcast-outage-due-to-software-issue-now-resolved/1366025

For additional stories, see item 15 below from the Transportation Systems Sector and item 30 above in the Information Technology Sector

15. June 23, WFMZ 69 Allentown – (Pennsylvania) Downed power lines shut down Route 422 for more than 12 hours. Route 422 in Douglass Township reopened in both directions after being closed for more than 12 hours June 23 while crews repaired power lines that were brought down by a semi-truck and caused an electricity and phone service outage in the area. Service was restored. Source: http://www.wfmz.com/news/news-regional-berks/downed-power-lines-shut-down-route-422-for-more-than-12-hours/33737600