Friday, May 27, 2016



Complete DHS Report for May 27, 2016

Daily Report                                            

Top Stories

• Seattle City Light is investigating the cause of a power outage that knocked out power to downtown Seattle for about 1 hour May 25, causing 60 percent of the area to lose service. – Seattle Times

1. May 26, Seattle Times – (Washington) Power restored after major, hour-long outage in downtown Seattle. Seattle City Light is investigating the cause of a power outage that knocked out power to downtown Seattle for about 1 hour May 25, causing 60 percent of the area to lose service and 12,000 electric meters to be affected. Traffic was gridlocked during the outage and several people were trapped in the elevators of various buildings.

• The U.S. Food and Drug Administration finalized May 26 a new food safety rule that requires food facilities to establish food defense monitoring procedures and corrective actions as part of an effort to prevent wide-scale public health harm. – U.S. Food and Drug Administration

8. May 26, U.S. Food and Drug Administration – (National) FDA issues final food defense regulation. The U.S. Food and Drug Administration finalized May 26 a new food safety rule under its Food Safety Modernization Act that requires foreign and domestic food facilities to complete and maintain a written food defense plan that assesses the companies’ potential vulnerabilities to deliberate contamination intended to cause wide-scale public health risks, to identify and implement mitigation strategies to address the vulnerabilities, and to establish food defense monitoring procedures and corrective actions, among other requirements as part of an effort to prevent wide-scale public health harm and to protect the food supply.

• The CEO of NS1 reported that the company experienced dozens of large distributed denial-of-service (DDoS) attacks and attacks against the company’s upstream network providers. – Help Net Security See item 18 below in the Information Technology Sector

• Officials reported that at least three people were injured and one person was killed May 25 after a suspect opened fire at the Irving Plaza music venue in New York City during a music performance. – CNN  

22. May 26, CNN – (New York) One killed in shooting at rapper’s concert. The New York Police Department reported that at least three people were injured and one person was killed May 25 after a suspect opened fire at the Irving Plaza music venue in New York City during a music performance, prompting about 950 attendees to evacuate the building.

Financial Services Sector

5. May 25, U.S. Department of Justice – (West Virginia) West Virginia business owners indicted for failing to pay employment taxes. The owners of Taylor Contracting/Taylor Ready-Mix LLC and Bluegrass Aggregates LLC in West Virginia were indicted May 25 after the pair failed to collect, account for, and pay more than $1 million in Federal income taxes, Social Security taxes, and Medicare taxes withheld from the wages of its employees to the U.S. Internal Revenue Service from 2007 – 2010. Source: https://www.justice.gov/opa/pr/west-virginia-business-owners-indicted-failing-pay-employment-taxes

Information Technology Sector

17. May 26, SecurityWeek – (International) “Wekby” group uses DNS requests for C&C communications. Security researchers from Palo Alto Networks discovered that an advanced persistent threat (APT) group named Wekby, APT 18, Dynamite Panda, and TG-0416, was using the “pisloader” malware to infiltrate a system via Domain Name System (DNS) requests for command & control (C&C) communications, which allows the malware to bypass security products. The “pisloader” malware was believed to be a variant of the HTTPBrowser, a remote access trojan (RAT). Source: http://www.securityweek.com/wekby-group-uses-dns-requests-cc-communications

18. May 26, Help Net Security – (International) DNS provider NS1 hit with multi-faceted DDoS attacks. The CEO of NS1 reported that during the week of May 16 the company experienced dozens of large distributed denial-of-service (DDoS) attacks including simple volumetric attacks, complex direct Domain Name System (DNS) lookup attacks, and attacks against the company’s upstream network providers. The motive behind the attacks is unknown, but the attacks were seen targeting the DNS, content delivery network (CDN), and Internet infrastructure industries in Europe, U.S., and Asia. Source: https://www.helpnetsecurity.com/2016/05/26/dns-ddos-ns1/

19. May 26, Softpedia – (International) Hackers prefer file upload, XSS, and SQLi bugs when attacking WordPress sites. Check Point released a report that analyzed telemetry data from its security products and attacks against WordPress plugins which revealed that attackers were using automated scripts to scan WordPress Web sites for vulnerabilities to exploit payloads and use the collected information to create a security status report and compromise the Web sites. Attackers compromised the Web sites with malicious redirects, sending visitors to exploit kit (EK) sites, and leveraged File Upload vulnerabilities. Source: http://news.softpedia.com/news/hackers-prefer-file-upload-xss-and-sqli-bugs-when-attacking-wordpress-sites-504496.shtml

20. May 25, Softpedia – (International) FBI: Ransomware complaints doubled in 2015. The FBI’s Internet Crime Complaint Center (IC3) released its 2015 Internet Crime Report which revealed that during 2015, the FBI recorded 2,453 ransomware complaints and estimated that the recorded infections caused over $1.6 million in damages to the victims. Reports by Enigma Software and Kaspersky found that ransomware campaigns grew with a 14 percent increase from year-to-year. Source: http://news.softpedia.com/news/fbi-ransomware-complaints-doubled-in-2015-504492.shtml

Communications Sector

21. May 25, Tampa Bay Times – (Florida) Seffner man fined $48,000 by FCC for using cell phone jammer on daily commute. The U.S. Federal Communications Commission issued a $48,000 fine May 25 to a Seffner man for illegally interfering with cellular service along Interstate 4 and disrupting police communications for up to 2 years via a cell phone jamming device. Source: http://www.tampabay.com/news/publicsafety/crime/seffner-man-fined-48000-by-fcc-for-using-cell-phone-jammer-on-daily-commute/2278972