Friday, September 18, 2015



Complete DHS Report for September 18, 2015

Daily Report

Top Stories

 • Officials announced September 14 that 5 cooling towers, power lines, and communications at the Geysers geothermal power generation facility were damaged due to the Valley Fire in California. – Los Angeles Times

3. September 14, Los Angeles Times – (California) Northern California Valley fire damages part of huge geothermal power generator. Houston-based Calpine announced September 14 that five cooling towers, power lines, and communications at the Geysers geothermal power generation facility along the Sonoma County and Lake County borders were damaged due to the Valley Fire burning in northern California. Officials reported that the damage did not impact services.

 • General Motors Co announced September 17 that it would pay $900 million and admit fault to resolve a U.S. criminal investigation into the company’s handling of defective ignition switches in its vehicles and failure to disclose the defect to customers. – Reuters

4. September 17, Reuters – (National) GM to pay $900 million to end U.S. criminal ignition switch probe. General Motors Co (GM) announced September 17 that it would pay $900 million and admit fault to resolve a U.S. criminal investigation into the company’s handling of defective ignition switches in its vehicles and allegations that GM failed to disclose the defect and misled customers and the government about the safety of affected models. GM also agreed to a $575 million partial settlement in separate nationwide private and shareholder litigation. Source: http://www.reuters.com/article/2015/09/17/us-gm-probe-idUSKCN0RG2WF20150917

• Crews worked September 17 to contain the 73,700-acre Valley Fire burning in California that destroyed 585 houses and caused 3 deaths. – KRON 4 San Francisco

18. September 17, KRON 4 San Francisco – (California) Valley Fire: Body of missing reporter found; death toll rises to three. Crews worked September 17 to contain the 73,700-acre Valley Fire burning in North Bay that destroyed 585 houses and caused 3 deaths. Source: http://kron4.com/2015/09/17/valley-fire-day-6-of-the-fight-against-the-deadly-firestorm/

• Researchers confirmed that the Chinese hacking group Iron Tiger stole data from U.S. defense contractors, intelligence agencies, FBI-based partners, other government entities, and tech-based contractors in multiple industries. – Forbes (See item 20 below in the Information Technology Sector)

Financial Services Sector

5. September 17, Help Net Security – (International) New POS trojan created by mixing code from older malware. Security researchers from Dr. Web discovered a new trojan dubbed Trojan.MWZLesson that was pieced together from parts of the Neutrino backdoor and the Dexter PoS trojan and that targets point-of-sale (PoS) terminals to obtain bank card data from the compromised device’s random access memory (RAM). The malware can update itself, download and execute files, find documents, and mount Hypertext Transfer Protocol (HTTP) flood attacks. Source: http://www.net-security.org/malware_news.php?id=3101

6. September 16, Bloomberg News – (New York) Ex-Morgan Stanley broker pleads guilty to insider trading. A former broker for Morgan Stanley pleaded guilty to charges of insider trading using inside information stolen from Simpson, Thacher & Bartlett LLP, and to fraud charges alleging he bought securities for himself, his family, his friends and business partners, gaining $5.6 million in profit from 2009 to 2013. Source: http://www.bloomberg.com/news/articles/2015-09-16/ex-morgan-stanley-broker-pleads-guilty-in-insider-trading-case

7. September 16, Reuters – (National) CVS Health in $48 million settlement of lawsuit over hiding loss. CVS Health Corp agreed to pay $48 million to resolve charges accusing the company of fraudulently concealing a $4.5 billion loss of annual revenue in its pharmacy benefits manager business, leading to a dip in stock price in November 2009. Source: http://www.reuters.com/article/2015/09/16/cvs-health-settlement-idUSL1N11M12K20150916

8. September 16, Los Angeles Times – (California) Two arrested in alleged $21 million movie investment scheme. A former insurance agent and a director were arrested on charges accusing them of a movie investment Ponzi scheme that cost more than 140 victims about $21 million, in which they allegedly solicited investors for funding for fake films through Windsor Pictures LLC, while promising returns. Source: http://www.latimes.com/entertainment/envelope/cotown/la-et-ct-movie-investment-scam-20150916-story.html

Information Technology Sector

20. September 17, Forbes – (International) Chinese-based cyber attacks on US military are ‘advanced, persistent and ongoing’: Report. Trend Micro released research confirming that the Chinese advanced persistent threat (APT) group dubbed Iron Tiger was observed stealing trillions of bytes of data from U.S. defense contractors, intelligence agencies, FBI-based partners, other government entities, and tech-based contractors in the electric, aerospace, intelligence, telecommunications, energy, and nuclear engineering industries, including Westinghouse Electric Company. The group is believed to be an iteration of Emissary Panda/Threat Group 3390, which previously focused on East Asian political targets. Source: http://www.forbes.com/sites/lisabrownlee/2015/09/17/chinese-cyber-attacks-on-us-military-interests-confirmed-as-advanced-persistent-and-ongoing/

21. September 17, Help Net Security – (International) 80% increase of malware on Windows devices. Alcatel-Lucent released report findings revealing that 80 percent of mobile network malware infections detected in the first half of 2015 were found on Windows-based systems, that 10 of the largest threats on smartphones were mobile spyware, and that the prevalence of adware has been increasing, among other findings. Source: http://www.net-security.org/malware_news.php?id=3102

22. September 17, The Register – (International) Malware links Russians to 7-year global cyberspy campaign. Security researchers from F-Secure released new analysis revealing that the group behind the Dukes 7-year cyber-espionage malware campaign has been utilizing unique malware toolsets to steal information from governments worldwide as well as non-government organizations (NGOs). Researchers believe that the group operated to support Russian intelligence gathering. Source: http://www.theregister.co.uk/2015/09/17/russian_cyberspy_dukes_campaign/

23. September 17, Threatpost – (International) Dutch police arrest CoinVault ransomware authors. Dutch authorities arrested two suspects believed to be behind the CoinVault ransomware campaign that started in May 2014 and targeted over 1,500 users in nearly 24 countries. The ransomware encrypted victims’ files and made them unrecoverable until payment was received. Source: https://threatpost.com/dutch-police-arrest-alleged-coinvault-ransomware-authors/114707/

24. September 16, Threatpost – (International) Schneider patches plaintext credentials bug in building automation system. Schneider Electric released a firmware update for its StruxureWare Building Expert automation system addressing a remotely exploitable vulnerability in which the system transmits user credentials in plaintext between server and client machines. The Industrial Control Systems Cyber Emergency Response Team reported that the vulnerability has not been publicly exploited. Source: https://threatpost.com/schneider-patches-plaintext-credentials-bug-in-building-automation-system/114702/

For another story, see item 5 above in the Financial Services Sector

Communications Sector

25. September 16, Ars Technica – (California) More California fiber optic cable severed as AT&T offers 250K reward. The FBI is conducting an investigation September 16 into an attack on AT&T data lines in San Francisco after 2 more fiber optic cables were severed September 16, increasing the number of attacks to 16 since July 2014. AT&T is offering $250,000 for the capture of the culprit. Source: http://arstechnica.com/tech-policy/2015/09/more-california-fiber-optic-cable-severed-as-att-offers-250k-reward/

For another story, see item 20 above in the Information Technology Sector