Monday, March 21, 2016



Complete DHS Report for March 21, 2016

Daily Report                                            

Top Stories

• Researchers reported that a business email compromise (BEC) campaign dubbed Olympic Vision was targeting international organizations in the Manufacturing and Real Estate sectors to obtain information and manipulate employees. – SecurityWeek

4. March 17, SecurityWeek – (International) Nigerian cybercriminals target firms worldwide in BEC campaign. Researchers at Trend Micro reported that a business email compromise (BEC) campaign dubbed Olympic Vision, allegedly run by two Nigerian cybercriminals, was targeting international organizations in the Manufacturing and Real Estate sectors to obtain information and manipulate employees into transferring large monetary funds to bank accounts controlled by the hackers. Attackers sent urgent-sounding emails to pressure victims into installing a piece of malware that allowed the attackers to steal saved credentials from browsers, Windows product keys, keystrokes, and network information, among other data. Source: http://www.securityweek.com/nigerian-cybercriminals-target-firms-worldwide-bec-campaign

• San Francisco officials reported that part of the Bay Area Rapid Transit (BART) system will be shut down indefinitely beginning March 17 while officials investigate the cause of recent train failures. – San Francisco Chronicle

8. March 18, San Francisco Chronicle – (California) BART chaos expected to go on indefinitely. San Francisco officials reported that the Bay Area Rapid Transit (BART) system between Pittsburg-Bay Point station and North Concord station will be shut down indefinitely beginning March 17 while officials investigate the cause of recent train failures following a March 16 power spike that caused 50 train cars to fail. During the shutdown, 2,000 feet of worn tracks, 950 wooden ties, and several other track components will be replaced. Source: http://www.sfgate.com/bayarea/article/BART-commuter-chaos-continues-as-East-Bay-6895501.php

• Approximately 21,000 gallons of raw sewage spilled into Waimano Stream in Pearl City, Hawaii, March 17 after a 10-inch pipe at the Pacific Palisades Wastewater Pump Station ruptured. – Honolulu Civil Beat

12. March 17, Honolulu Civil Beat – (Hawaii) Raw sewage leak near Pearl Harbor. Approximately 21,000 gallons of raw sewage spilled into Waimano Stream in Pearl City March 17 after a 10-inch pipe at the Pacific Palisades Wastewater Pump Station ruptured. The city notified the Hawaii Department of Health and workers posted warning signs to encourage people to stay out of the affected waters. Source: http://www.civilbeat.com/2016/03/sewage-leak-near-pearl-harbor/

• Minnesota-based North Memorial Health Care settled charges March 14 alleging that the medical center violated Federal health privacy law after a 2011 theft of a laptop computer which reportedly contained the health information of about 16,800 patients. – Minneapolis Star Tribune

13. March 17, Minneapolis Star Tribune – (Minnesota) North Memorial Health Care paying $1.5 million in Federal privacy settlement. The U.S. Department of Health and Human Services reached a settlement the week of March 14 with Minnesota-based North Memorial Health Care to resolve charges that the medical center violated Federal health privacy law in connection with a 2011 theft of a laptop computer from the vehicle of an employee of a third-party vendor, Accretive Health, which reportedly contained the health information of approximately 16,800 patients. The medical center will pay $1.55 million and develop an organization-wide risk analysis and risk management plan, among other requirements. Source: http://www.startribune.com/north-memorial-paying-1-5-million-in-federal-privacy-settement/372490911/
  
Financial Services Sector

5. March 17, U.S. Department of Justice – (International) Nevada man convicted of perpetrating nationwide multi-million dollar fraud scheme. Officials from the U.S. Department of Justice’s Tax Division announced March 17 that a Nevada man was found guilty of orchestrating a $2 million Nigerian oil investment fraud scheme from 2004 – 2012 after he and a co-conspirator misled investors by falsely claiming that the invested money would be used to purchase an oil refinery in the Bahamas and used for the production, refinement, and shipment of crude oil from Nigeria to the Bahamas. The money was instead used for personal expenses or transferred to unknown bank accounts in China, and officials stated the man also falsely claimed individual unemployability compensation benefits from the U.S. Department of Veterans Affairs. Source: https://www.justice.gov/opa/pr/nevada-man-convicted-perpetrating-nationwide-multi-million-dollar-fraud-scheme

6. March 17, Dallas Morning News – (Texas) Dallas FBI searching for ‘Bad Hair Bandit’ in string of Preston Road bank robberies. The Dallas FBI is searching March 17 for a man dubbed the “Bad Hair Bandit” suspected of committing five robberies or attempted robberies at the BB&T Bank, Comerica Bank, Bank of Texas, and two separate BBVA Compass Banks in Dallas since January. Source: http://crimeblog.dallasnews.com/2016/03/dallas-fbi-searching-for-suspected-serial-bank-robber-dubbed-bad-hair-bandit.html/

Information Technology Sector

18. March 17, IDG News Service – (International) Stagefright exploit puts millions of Android devices at risk. NorthBit released a report addressing a vulnerability dubbed Metaphor, which affects Android versions 2.2 – 4.0, as well as 5.0 and 5.1, after security researchers discovered a new way to exploit a previously patched remote code execution vulnerability found in Stagefright, Android’s mediaserver and multimedia library. Researchers reported that attackers tricked victims into clicking a malicious link sent via email that would execute the exploit. Source: http://www.computerworld.com/article/3045793/security/stagefright-exploit-puts-millions-of-android-devices-at-risk.html#tk.rss_security

19. March 17, Softpedia – (International) iCloud account hijacking scam is as bad as ransomware. Security researchers discovered that attackers could hack a victim’s Apple iCloud account and turn the device’s security features, the Find my Mac feature and the Find my iPhone feature, against the victim. The two features enabled attackers to lock the device and display a ransomware message on a target’s device. Source: http://news.softpedia.com/news/icloud-account-hijacking-scam-is-as-bad-as-ransomware-501868.shtml

For additional stories, see item 3 below from the Critical Manufacturing Sector and item 4 above in Top Stories

3. March 17, IDG News Service – (National) Vehicles are ‘increasingly vulnerable’ to hacking, FBI warns. Officials from the FBI and the National Highway Traffic Safety Administration warned the public March 17 against the increasing risk of cyber-attacks on vehicle computers via the linkages between different on-board systems, which provide portals that adversaries can exploit to remotely attack the vehicle controls and systems, and via third-party devices plugged into a vehicle’s diagnostic port that can introduce vulnerabilities. The FBI advised consumers to be cautious when connecting third-party devices and be aware of software updates for their vehicles.

Communications Sector

See item 17 below from the Emergency Communications Sector

17. March 18, KDAL 610 AM Duluth – (Minnesota) Carlton County phone service restored. Phone and 9-1-1 services were restored March 18 in the Moose Lake, Barnum, Blackhoof, and Mahtowa areas in Carlton County after a March 17 outage. Source: http://kdal610.com/news/articles/2016/mar/18/carlton-county-phone-outage/