Complete DHS Report for July 12, 2016
Daily Report
Top Stories
• Security researchers from IBM’s X-Force Research reported that
the GootKit trojan, which targets banks internationally, has updated its source
code and mode of operation to avoid antivirus detection by changing its installation
method. – Softpedia See item 4 below in
the Financial Services Sector
• The FBI offered a reward July 8 in exchange for information
leading to the capture of a man dubbed the “Hipster Bandit” who is suspected of
robbing eight banks and attempting to rob two others in San Diego County since
September 2015. – KNSD 39 San Diego See item 5 below in
the Financial Services Sector
• Officials announced July 11 that 2 Alabama campers were arrested
for arson in the Cold Springs Fire which grew to 538 acres and forced the
evacuation of nearly 2,000 residents near Boulder County, Colorado. – KUSA 9
Denver
22. July 11,
KUSA 9 Denver – (Colorado) 2 campers arrested for arson in Cold Springs Fire.
The Boulder County Sheriff’s Office announced July 11 that 2 Alabama
campers were arrested for arson in the Cold Springs Fire which grew to 538
acres and forced the evacuation of nearly 2,000 residents near Boulder County,
Colorado. Source: http://www.9news.com/news/local/wildfires/2-campers-arrested-for-arson-in-cold-springs-fire/268906229
• Omni Hotels & Resorts reported July 8 that its point-of-sale
(PoS) systems were allegedly compromised after it discovered malware on its
network May 30 that was intended to collect payment card data. – IDG News
Service
25. July 11,
IDG News Service – (National) Omni Hotels was hit by point-of-sale malware. Omni
Hotels & Resorts reported July 8 that its point-of-sale (PoS) systems were
allegedly compromised after it discovered malware on its network May 30 that was
intended to collect certain payment card information, including cardholder
names, credit/debit card numbers, security codes, and expiration dates. The
luxury hotel chain did not disclose how many of its 60 properties were
affected.
Financial Services Sector
4. July 11,
Softpedia – (International) GootKit banking trojan receives massive
update. Security researchers from IBM’s X-Force Research reported that the
GootKit trojan, which targets banks internationally, has updated its source code
and mode of operation to avoid antivirus detection. Its installation method now
registers a scheduled task that runs every minute, which lets the trojan persist
and run under both least-privilege user accounts (LUA) and administrator accounts.
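The persistence mechanism described in item 4, a scheduled task that re-runs every minute, is something a defender can hunt for directly in Task Scheduler data. The following is an added example, not code from this report, from Softpedia or from IBM X-Force, that parses Windows Task Scheduler XML and flags any trigger whose repetition interval is one minute or shorter, reporting the task's RunLevel and command so an analyst can triage it. The task XML samples, the task names, the binary path and the one-minute threshold are constructed for illustration.

```python
r"""Added example, not from the DHS report, Softpedia or IBM X-Force: flag Task Scheduler
entries whose trigger repeats at a very short interval, the persistence pattern described
above. Input is task XML (schtasks /Query /TN <name> /XML, or the files under
C:\Windows\System32\Tasks). The two tasks below are constructed samples, not real artifacts."""
import re
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# ISO 8601 duration as written in task XML, e.g. PT1M, PT1H, P1DT12H
DURATION = re.compile(r"^P(?:(\d+)D)?(?:T(?:(\d+)H)?(?:(\d+)M)?(?:(\d+)S)?)?$")


def duration_seconds(text):
    """Convert a task duration string such as PT1M to seconds."""
    m = DURATION.match(text.strip())
    if not m:
        raise ValueError("unsupported duration: %r" % text)
    days, hours, minutes, seconds = (int(x) if x else 0 for x in m.groups())
    return days * 86400 + hours * 3600 + minutes * 60 + seconds


def audit_task(name, xml_text, max_interval=60):
    """One finding per trigger whose Repetition/Interval is <= max_interval seconds.
    RunLevel and the command are included so the analyst need not reopen the XML."""
    root = ET.fromstring(xml_text)
    triggers = root.find("t:Triggers", NS)
    if triggers is None:
        return []
    run_level = root.findtext("t:Principals/t:Principal/t:RunLevel", default="?", namespaces=NS)
    command = root.findtext("t:Actions/t:Exec/t:Command", default="?", namespaces=NS)
    findings = []
    for trig in list(triggers):
        interval = trig.find("t:Repetition/t:Interval", NS)
        if interval is None:
            continue
        secs = duration_seconds(interval.text or "")
        if secs <= max_interval:
            findings.append({
                "task": name,
                "trigger": trig.tag.split("}")[-1],  # drop the namespace prefix
                "interval_s": secs,
                "run_level": run_level,
                "command": command,
            })
    return findings


def audit_all(tasks, max_interval=60):
    """tasks: mapping of task name -> task XML text. Returns all findings."""
    out = []
    for name, xml_text in tasks.items():
        out.extend(audit_task(name, xml_text, max_interval))
    return out


# Constructed samples. The first mimics the pattern in the item above: a user-level task that
# re-runs a binary from a profile directory every minute; the second is a benign hourly job.
SAMPLE_TASKS = {
    r"\Microsoft\Windows\Telemetry\Sync": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <LogonTrigger>
      <Enabled>true</Enabled>
      <Repetition><Interval>PT1M</Interval><StopAtDurationEnd>false</StopAtDurationEnd></Repetition>
    </LogonTrigger>
  </Triggers>
  <Principals><Principal id="Author"><RunLevel>LeastPrivilege</RunLevel></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\Users\alice\AppData\Roaming\upd.exe</Command></Exec></Actions>
</Task>""",
    r"\Backup\HourlyCheck": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers>
    <CalendarTrigger>
      <Repetition><Interval>PT1H</Interval></Repetition>
      <ScheduleByDay><DaysInterval>1</DaysInterval></ScheduleByDay>
    </CalendarTrigger>
  </Triggers>
  <Principals><Principal id="Author"><RunLevel>HighestAvailable</RunLevel></Principal></Principals>
  <Actions Context="Author"><Exec><Command>C:\Program Files\Backup\check.exe</Command></Exec></Actions>
</Task>""",
}

if __name__ == "__main__":
    for finding in audit_all(SAMPLE_TASKS):
        print(finding)
```

A one-minute repetition is rare for legitimate software, so the threshold alone produces a short list; the RunLevel and command fields in each finding are what separate a low-privilege task pointing into a user profile from an administrative job under Program Files.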
5. July 8,
KNSD 39 San Diego – (California) FBI seeks ‘Hipster Bandit,’ offers $20K reward. The
FBI offered a reward July 8 in exchange for information leading to the capture
of a man dubbed the “Hipster Bandit” who is suspected of robbing eight banks
and attempting to rob two others in San Diego County since September 2015,
including a Wells Fargo Bank branch July 2.
6. July 7,
U.S. Attorney’s Office, District of Connecticut –
(Connecticut) Norwich resident admits role in insurance fraud scheme. A
Norwich, Connecticut resident pleaded guilty July 7 for his role in an
insurance fraud scheme where he and co-conspirators staged approximately 50 car
crashes in southeastern Connecticut, and filed fraudulent property damage and
bodily injury claims with various automobile insurance companies in order to
collect up to $30,000 in insurance payouts per fraudulent claim between April
2011 and February 2014. Source: https://www.justice.gov/usao-ct/pr/norwich-resident-admits-role-insurance-fraud-scheme
Information Technology Sector
24. July 11,
Softpedia – (International) MIUI vulnerability affects millions of Xiaomi
Android devices. Security researchers from IBM’s Security Intelligence team
reported that a remote code execution (RCE) vulnerability exists in the MIUI
analytics component in versions prior to MIUI Global Stable 7.2, after the
researchers discovered that its self-update mechanism can be hijacked via a
Man-in-the-Middle (MitM) attack and used to deliver malicious update packages.
The analytics package uses plaintext Hypertext Transfer Protocol (HTTP) to query
an update server for upgrades and to download the update it is pointed to, which
lets an attacker on the network path watch for the update request and answer it
with basic spoofing techniques.
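The failure described in item 24 is an update channel with no authentication: request and response travel in plaintext HTTP, so whoever sits on the path can read the request and answer first. The following is an added example, not MIUI's or IBM's code, that simulates that exchange in-process: a vendor update server, an on-path attacker that substitutes both the manifest and the package, a client that trusts whatever it receives, and the same client refusing the substitution because it checks the manifest signature against a key pinned in the app. The server, request strings, package bytes and version numbers are assumptions. The signature is unpadded textbook RSA over SHA-256 with keys generated at runtime, used only so the example runs on the Python standard library; it stands in for a padded scheme from a vetted library.

```python
r"""Added example (not Xiaomi's or IBM's code): self-update over a plaintext channel, an on-path
attacker substituting manifest and package, and the same client refusing it under a pinned key."""
import hashlib
import json
import secrets

# --- toy textbook RSA over SHA-256 (illustration only: unpadded, runtime-generated keys) ---
def _probable_prime(n, rounds=20):  # Miller-Rabin
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # odd, full bit length
        if _probable_prime(cand):
            return cand

def generate_keypair(bits=512):
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:
            return (e, p * q), (pow(e, -1, phi), p * q)  # (public, private)

def _digest_int(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(private_key, data):
    d, n = private_key
    return format(pow(_digest_int(data), d, n), "x")

def verify(public_key, data, sig_hex):
    e, n = public_key
    return pow(int(sig_hex or "0", 16), e, n) == _digest_int(data)

# --- the update exchange, simulated in-process (server, attacker and client are hypothetical) ---
def _signed_part(manifest):  # canonical bytes covered by the signature
    return json.dumps({k: manifest[k] for k in ("version", "sha256")}, sort_keys=True).encode()

def build_manifest(version, package, signing_key=None):
    manifest = {"version": version, "sha256": hashlib.sha256(package).hexdigest()}
    if signing_key is not None:
        manifest["sig"] = sign(signing_key, _signed_part(manifest))
    return manifest

GENUINE_PACKAGE = b"constructed genuine analytics package 7.2"   # constructed sample
MALICIOUS_PACKAGE = b"constructed attacker-controlled package"  # constructed sample
VENDOR_PUBLIC, VENDOR_PRIVATE = generate_keypair()

def vendor_server(request):  # plaintext HTTP request line in, response body out
    if request.startswith("GET /update"):
        return json.dumps(build_manifest("7.2", GENUINE_PACKAGE, VENDOR_PRIVATE)).encode()
    if request == "GET /pkg/7.2":
        return GENUINE_PACKAGE
    raise KeyError(request)

class OnPathAttacker:
    """Sees every plaintext request and answers the update ones itself."""
    def __init__(self, upstream):
        self.upstream, self.seen = upstream, []
        self.fake = build_manifest("99.0", MALICIOUS_PACKAGE)  # no vendor key, so unsigned
    def __call__(self, request):
        self.seen.append(request)
        if request.startswith("GET /update"):
            return json.dumps(self.fake).encode()
        if request == "GET /pkg/99.0":
            return MALICIOUS_PACKAGE
        return self.upstream(request)

def _ver(s):
    return tuple(int(x) for x in s.split("."))

def update_client(transport, installed="7.1", pinned_key=None):
    """pinned_key=None is the vulnerable flow: the package hash is checked against a manifest
    that came over the same unauthenticated channel, so the check proves nothing."""
    manifest = json.loads(transport("GET /update?ver=" + installed))
    if pinned_key is not None and not verify(pinned_key, _signed_part(manifest), manifest.get("sig")):
        raise ValueError("manifest not signed by vendor: refusing update")
    if _ver(manifest["version"]) <= _ver(installed):
        return None
    package = transport("GET /pkg/" + manifest["version"])
    if hashlib.sha256(package).hexdigest() != manifest["sha256"]:
        raise ValueError("package hash mismatch")
    return package

def update_rejected(transport, pinned_key):  # True if the client refused the offered update
    try:
        update_client(transport, pinned_key=pinned_key)
        return False
    except ValueError:
        return True
```

The attacker's log of `seen` requests is the point of the plaintext channel: the installed version is visible before any response is sent. Note that the hash check in the vulnerable flow passes, because the attacker wrote both the manifest and the package; only a signature under a key the app already holds ties the manifest to the vendor. Moving the channel to HTTPS with certificate validation stops the on-path substitution; signing the package additionally protects against a compromised or misconfigured server.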
For another story, see item 4 above in the Financial Services Sector
Communications Sector
Nothing to report