Wednesday, September 7, 2016



Complete DHS Report for September 7, 2016

Daily Report

Top Stories

• Louisiana officials worked September 5 to secure a Harvest Pipeline Company pipeline after 5,300 gallons of crude oil leaked near Bay Long after a Great Lakes Dredge and Dock Company vessel struck the pipeline during excavation. – Associated Press

1. September 6, Associated Press – (Louisiana) 5,300-gallon oil spill being cleaned in south Louisiana. The Louisiana Department of Wildlife and Fisheries and the U.S. Coast Guard in New Orleans worked September 5 to secure a Harvest Pipeline Company pipeline after 5,300 gallons of crude oil leaked near Bay Long after a Great Lakes Dredge and Dock Company vessel struck the pipeline during excavation. Source: http://www.wdsu.com/news/local-news/new-orleans/5300gallon-oil-spill-being-cleaned-in-south-louisiana/41530734

• Mazda Motor Corporation issued a recall September 6 for 41,918 of its model years 2009 – 2010 Mazda6 vehicles due to faulty airbag systems that can prevent the airbags from deploying during collisions. – TheCarConnection.com

6. September 6, TheCarConnection.com – (National) 2009-2010 Mazda Mazda6 recalled for airbag problem. Mazda Motor Corporation issued a recall September 6 for about 41,918 of its model years 2009 – 2010 Mazda6 vehicles sold in the U.S. due to faulty airbag systems caused by poor application of protective coating, which could allow moisture to enter the airbag control unit and cause damage, thereby preventing the airbags from deploying during collisions and increasing the risk of injury. Source:

• About 125,000 gallons of partially treated wastewater spilled into Slocum Creek in Havelock, North Carolina, September 2 after a pump controller at the Havelock Water Plant failed due to heavy rains from Tropical Storm Hermine. – WNCT 9 Greenville

21. September 4, WNCT 9 Greenville – (North Carolina) 125,000 gallons of wastewater discharged in Havelock. Approximately 125,000 gallons of partially treated wastewater spilled into Slocum Creek in Havelock, North Carolina, September 2 after a pump controller at the Havelock Water Plant failed due to heavy rains from Tropical Storm Hermine. Officials reset the pump controller to prevent further damage. Source: http://wnct.com/2016/09/04/125000-gallons-of-wastewater-discharged-in-havelock/

• Two men were arrested in Coweta, Oklahoma, September 2 for their roles in a more than $1 million gift-card theft ring targeting Walmart stores in 31 States. – Tulsa World

31. September 4, Tulsa World – (National) Coweta police arrest two suspects in nationwide Wal-Mart theft ring. Two men were arrested in Coweta, Oklahoma, September 2 for their roles in a more than $1 million gift-card theft ring targeting Walmart stores in 31 States where the duo and co-conspirators tricked Wal-Mart employees into loading hundreds of dollars onto reloadable Visa gift cards without paying for the cards. Authorities arrested the duo after store security guards reported the men to the police. Source: http://www.tulsaworld.com/news/crimewatch/coweta-police-arrest-two-suspects-in-nationwide-wal-mart-theft/article_eff8aa39-8455-54c3-84bd-0b9a29ebea78.html

Financial Services Sector

9. September 2, South Florida Sun-Sentinel – (Florida) FBI: Prolific ‘Filter Bandit’ strikes again at Fort Lauderdale bank. The FBI is searching September 2 for a man dubbed the “Filter Bandit” who is suspected of robbing several banks in Broward County, Florida, since August 2014, including an AmTrust Bank branch in Fort Lauderdale September 2. Source: http://www.sun-sentinel.com/local/broward/fl-fort-lauderdale-filter-bandit-20160902-story.html

For another story, see item 32 below from the Commercial Facilities Sector

32. September 3, Softpedia – (Tennessee) Hutton Hotel PoS systems compromised with malware for four years. Hutton Hotel in Nashville, Tennessee, announced September 2 that a security breach may have compromised the payment card information of all customers who used their credit or debit cards at the hotel since September 2012. The hotel discovered that the point-of-sale (PoS) systems at its check-in counter and onsite food and beverage outlets were infected with malware after its payment processor detected the breach and notified hotel officials. Source: http://news.softpedia.com/news/hutton-hotels-pos-systems-compromised-with-malware-for-four-years-507924.shtml

Information Technology Sector

27. September 4, SecurityWeek – (International) Cerber 3.0 ransomware variant emerges. TrendMicro researchers reported that a new variant of the Cerber ransomware, dubbed Cerber 3.0, emerged as a payload in a malvertising campaign that serves users a malicious ad in a pop-up window after they click a video to play, and then redirects the victims to the landing page of the Magnitude and RIG exploit kits (EKs). Researchers found that the malware appends the .cerber3 extension to the encrypted files, then deletes all copies of the files to prevent users from restoring them, and prompts victims with a ransom note. Source: http://www.securityweek.com/cerber-30-ransomware-variant-emerges

28. September 2, Softpedia – (International) Attackers combine three botnets to launch massive DDoS attack. Sucuri researchers reported attackers combined a home router botnet comprised of 11,767 devices, an internet of things (IoT) closed circuit television (CCTV) botnet comprised of 25,000 cameras, and a botnet made up of compromised Linux servers to carry out a Layer 7 distributed denial-of-service (DDoS) attack involving traffic from over 47,000 Internet Protocol (IP) addresses. Sucuri stated the 3-botnet distribution enabled the attacker to send 120,000 requests per second without disrupting the operation of the infected machines. Source: http://news.softpedia.com/news/attackers-combine-three-botnets-to-launch-massive-ddos-attack-507901.shtml

For additional stories, see items 7 and 8 from the Critical Manufacturing Sector

7. September 5, Softpedia – (International) LuaBot is the first DDoS malware coded in Lua targeting Linux platforms. Security researchers from MalwareMustDie! discovered a trojan coded in Lua was compromising Linux platforms and internet of things (IoT) devices or Web servers in order to add them as bots inside a larger botnet controlled by the malicious actor. The security researchers reported the LuaBot trojan is packed as an Executable and Linkable Format (ELF) binary targeting Advanced RISC Machines (ARM) platforms and can be found in embedded IoT devices.

8. September 5, Softpedia – (International) Mirai DDoS trojan is the next big threat to IoT devices and Linux servers. MalwareMustDie! (MMD) security researchers discovered that a new trojan, dubbed Mirai, was targeting Linux servers and internet of things (IoT) devices running Busybox, as well as a specific set of platforms on which IoT devices are built, including Advanced RISC Machines (ARM) and ARM7, among others. The attacks rely on brute-forcing the Telnet port using a list of default admin credentials to exploit cases where users failed to change the built-in passwords. Researchers believe the trojan was built to target digital video recorders (DVRs) and Internet Protocol (IP) cameras.

Communications Sector

See item 28 above in the Information Technology Sector