Complete DHS Report for April 18, 2016
•IBM Security researchers discovered a hybrid trojan, dubbed “GozNym” was similar to the Nymaim dropper and the Gozi financial malware and believed to have stolen millions of dollars from 22 financial institutions in the U.S. and Canada. – SecurityWeek See item 6 below in the Financial Services Sector
•A Washington Metropolitan Area Transit Blue Line train stalled in a tunnel near theRosslyn station in Virginia April 14, leaving between 100 to 200 riders trapped for morethan 1 hour. – WTTG 5 Washington, D.C.
9. April 14, WTTG 5 Washington, D.C. – (Virginia) Metro train gets stuck in tunnel near Rosslyn, all passengers evacuated safely. A train on the Washington Metropolitan Area Transit Authority’s Blue Line stalled in a tunnel near the Rosslyn station in Virginia April 14, leaving between 100 to 200 riders trapped for more than 1 hour before officials hauled the train out of the tunnel and evacuated riders. The disabled train was towed from the station.
•A former owner of Medistat Group Associates in Dallas was convicted April 13 for falsely billing Medicaid and Medicare nearly $375 million after he and 6 other co-conspirators certified 11,000 Medicare beneficiaries through more than 500 home health providers from January 2006 – November 2011. – Associated Press
17. April 14, Associated Press – (Texas) Jury convicts Texas doctor in biggest home health care fraud. A doctor and former owner of Medistat Group Associates in Dallas was convicted April 13 for his role in a false claims scheme that billed Medicaid and Medicare nearly $375 million after he and at least 6 other co-conspirators recruited Medicare clients to sign up for home health care services, falsified records to show that nursing services were being rendered, and performed unnecessary home visits and ordered unnecessary medical services. The doctor and co-defendants certified 11,000 Medicare beneficiaries through more than 500 home health providers between January 2006 and November 2011. Source: http://www.foxnews.com/health/2016/04/14/jury-convicts-texas-doctor-in-biggest-home-health-care-fraud.html
•Michigan officials reported that 2 men were charged with conspiracy to commit fraud and interstate transportation of stolen goods April 14 after the duo allegedly ordered 193 Apple iPhones, worth $180,000 using Amway’s identity. – Grand Rapids Press
27. April 14, Grand Rapids Press – (Michigan) 2 indicted in $180,000 iPhone mail fraud scheme. The U.S. District Court in Grand Rapids, Michigan, reported that 2 men were charged with conspiracy to commit wire fraud, mail fraud, and interstate transportation of stolen goods April 14 after the two allegedly ordered 193 Apple iPhones, worth $180,000 by impersonating Amway’s employees and gaining the company’s account information, which were later used to intercept packages during FedEx deliveries. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2016/04/2_indicted_in_180000_iphone_ma.html
Financial Services Sector
4. April 14, U.S. Securities and Exchange Commission – (Vermont) SEC case freezes assets of ski resort steeped in fraudulent EB-5 offerings. The U.S. Securities and Exchange Commission charged two owners of Jay Peak Inc., and its eight business partners for conducting a Ponzi-like fraud scheme April 14 after the group misused more than $350,000 million, which was raised through investments and solicited under the EB-5 Immigrant Investor Program by using the funds for personal expenses and other-than-stated purposes while omitting key information and making false statements to investors in an effort to construct ski resort facilities and a biomedical research facility in Vermont. Source: https://www.sec.gov/news/pressrelease/2016-69.html
5. April 14, San Francisco Chronicle – (California) 9 charged in alleged San Jose car insurance fraud ring. The Santa Clara County District Attorney’s Office reported April 13 that a San Jose body shop manager, his girlfriend, and seven other body shop owners were charged with insurance fraud after the group allegedly made more than $140,000 by filing false insurance claims following the group’s fabrication of over 20 vehicle accidents listed under counterfeit names from 2011 – 2015. The group purchased the insurance policies days before each incident and purposely damaged each car to file claims to several insurance company. Source: http://www.sfgate.com/crime/article/9-charged-in-alleged-San-Jose-car-insurance-fraud-7250094.php
6. April 14, SecurityWeek – (International) Hybrid trojan “GozNym” targets North American banks. Researchers from IBM Security discovered a hybrid trojan, dubbed “GozNym,” which was reported to be similar to the Nymaim dropper and the Gozi financial malware, leverages Nymaim dropper’s stealth and persistence while adding trojan capabilities from Gozi’s ISFB parts to facilitate fraud via infected Internet browsers. The trojan is believed to have stolen millions of dollars from victims, targeting 22 financial institutions in the U.S. and Canada including banks, credit unions, e-commerce platforms, and retail banking.
Information Technology Sector
22. April 15, SecurityWeek – (International) No patches for QuickTime Flaws as Apple ends support on Windows. ZDI reported that Apple will no longer release security updates for Window versions of QuickTime after a security researcher from Source Incite found a heap corruption vulnerability that could allow an attacker to exploit the flaw for remote code execution (RCE) once a victim accesses a maliciously crafted Web site or file. Apple released instructions on ways to remove QuickTime for Window users and advised users to remove legacy plugins to enhance their personal computer (PC) security.
23. April 15, Softpedia – (International) Google, Microsoft address problems in their URL shorteners. An independent security researcher and a professor at Cornell Tech discovered that many Universal Resource Language (URL) shortening services used by Google and Microsoft, employ short random character tokens that can allow an attacker to infiltrate potential private files holding sensitive information using brute-force attacks. The researchers found the flaw after beginning a series of automated scans on Microsoft’s 1drv.com and found it exceptionally easy to brute-force its small 6-character URLs. Source: http://news.softpedia.com/news/google-microsoft-address-problems-in-their-url-shorteners-503007.shtml
24. April 14, SecurityWeek – (International) Clever techniques help malware evade AV engines. Security researchers from FireEye released a study titled, Ghost in the Endpoint which revealed that various components of malware went undetected for an extended period of time by antivirus programs including a backdoor dubbed “GOODTIMES,” which was left undetected due to its disguise as an Excel file (XLSX) while leveraging a Flash Player exploit.
25. April 14, Softpedia – (International) Lizzard Squad downs Blizzard servers with massive DDoS attacks. A Blizzard spokesman reported that its European and U.S. servers that host games such as World of Warcraft, Diablo 3, and Starcraft 2 experienced connectivity and latency issues for several hours April 14 following an potential denial of service (DDoS) attack allegedly conducted by Lizard Squad hacking group. Blizzard technical support was working to mitigate the impact of the attacks. Source: http://news.softpedia.com/news/lizard-squad-downs-blizzard-servers-with-massive-ddos-attacks-502977.shtml
26. April 14, Softpedia – (International) Microsoft issues optional Windows update to fix MouseJack vulnerability. Microsoft released its monthly security updates addressing several vulnerabilities including a flaw dubbed, MouseJack after security researchers from Bastille found an attacker could spoof data from a wireless device and force the Universal Serial Bus (USB) dongle to send fraudulent instructions to the connected personal computer (PC) and execute malicious actions. Source: http://news.softpedia.com/news/microsoft-issues-optional-windows-update-to-fix-mousejack-vulnerability-502962.shtml
For another story, see item 6 above in the Financial Services Sector
Nothing to report