Tuesday, April 9, 2013
Complete DHS Daily Report for April 9, 2013
• A Virginia lawyer pleaded guilty for her role in a fraud scheme involving fraudulently obtained loans guaranteed by the U.S. Small Business Administration, causing over $100 million in losses. – Bloomberg News See item 6 below in the Banking and Finance Sector
• Symantec found that the cybercriminals behind the Shylock banking trojan have added new functions and infrastructure to the malware, expanding its targets and capabilities. – Threatpost See item 9 below in the Banking and Finance Sector
• Tysons Foods will pay close to $4 million in fines in a settlement with the federal government over the accidental release of chemicals at Tyson plants in four States that caused injuries, property damage, and one death. – KFSM 5 Fort Smith
16. April 5, KFSM 5 Fort Smith – (National) Tyson fined $4 million after accidental chemical releases. Tysons Foods will pay close to $4 million in fines in a settlement with the federal government over the accidental release of chemicals at Tyson plants in four States that caused injuries, property damage, and one death. Source: http://5newsonline.com/2013/04/05/tyson-fined-4-million-after-accidental-chemical-releases/
• Researchers discovered an open FTP server that holds the source code for several American Megatrends (AMI) BIOS as well as the private signing key for Unifiied Extensible Firmware Interface (UEFI) updates, information potentially very valuable in carrying out cyberespionage. – Softpedia See item 31 below in the Information Technology Sector
Banking and Finance Sector
6. April 5, Bloomberg News – (Virginia) Virginia lawyer pleads guilty in $100 million SBA loan fraud. A Great Falls lawyer pleaded guilty for her role in a fraud scheme involving fraudulently obtained loans guaranteed by the U.S. Small Business Administration, causing over $100 million in losses. Source: http://www.bloomberg.com/news/2013-04-05/virginia-lawyer-pleads-guilty-in-100-million-sba-loan-fraud-1-.html
7. April 5, Federal Bureau of Investigation – (Virginia) Former jewelry store owner and loan officer charged in $20 million mortgage fraud scheme. Two individuals from Ashburn were charged by a federal grand jury with conspiracy and bank fraud for allegedly running a $20 million mortgage fraud scheme. Source: http://www.fbi.gov/washingtondc/press-releases/2013/former-jewelry-store-owner-and-loan-officer-charged-in-20-million-mortgage-fraud-scheme
8. April 5, WKRC 12 Cincinnati – (Ohio) Three men busted for “well-oiled” credit card scheme. Three men were charged in Hamilton County for their alleged role in a $150,000 credit card fraud scheme. Around 90 fraudulent cards were found during their arrest. Source: http://www.local12.com/mostpopular/story/Three-Men-Busted-For-Well-Oiled-Credit-Card-Scheme/Ms3ZQnOAIUONIlqSdf8Pfg.cspx
9. April 5, Threatpost – (International) Shylock trojan going global with new features, resilient infrastructure. Symantec found that the cybercriminals behind the Shylock banking trojan have added new functions and infrastructure to the malware, expanding the banking institutions that it targets and allowing it to steal other passwords and user information. Source: http://threatpost.com/en_us/blogs/shylock-trojan-going-global-new-features-resilient-infrastructure-040513
Information Technology Sector
28. April 8, V3.co.uk – (International) Doctor Web hijacks control of BackDoor botnet from criminals. Antivirus provider Doctor Web took control of the BackDoor.Bulknet.739 botnet and posted an analysis of its composition and effectiveness. Source: http://www.v3.co.uk/v3-uk/news/2259913/doctor-web-hijacks-control-of-backdoor-botnet-from-criminals
29. April 7, CVG UK – (International) Server attack forces Harmonix sites offline. Video game developer Harmonix took their Web sites offline April 7 after they detected a possible intrusion. Source: http://www.computerandvideogames.com/399601/server-attack-forces-harmonix-sites-offline/
30. April 6, Softpedia – (International) Microsoft fixes DOM XSS vulnerability on Skype.com. Microsoft closed a DOM-based cross-site scripting (XSS) vulnerability on the Skype Web site during March after a researcher informed the company of it December 2012. Source: http://news.softpedia.com/news/Microsoft-Fixes-DOM-XSS-Vulnerability-on-Skype-com-343527.shtml
31. April 5, Softpedia – (International) FTP server in Taiwan leaks AMI BIOS source code, UEFI signing key. Researchers discovered an open FTP server that holds the source code for several American Megatrends (AMI) BIOS as well as the private signing key for Unifiied Extensible Firmware Interface (UEFI) updates, information potentially very valuable in carrying out cyberespionage. Source: http://news.softpedia.com/news/FTP-Server-in-Taiwan-Leaks-AMI-BIOS-Source-Code-UEFI-Signing-Key-343426.shtml
32. April 5, Ars Technica – (International) Bitcoin wallet service Coinbase faces phishing attacks after data leak. Coinbase, a wallet service for the virtual currency Bitcoin, accidentally exposed user and transaction information on its Web site, leading to phishing attacks against the revealed email addresses. Source: http://arstechnica.com/tech-policy/2013/04/bitcoin-wallet-service-coinbase-faces-phishing-attacks-after-data-leak/
33. April 5, SC Magazine – (International) Android trojan spreads through Cutwail spam botnet. A large Cutwail botnet has been found spreading an Android trojan dubbed Stels which is capable of gleaning user information and performing functions on infected devices. Source: http://www.scmagazine.com/android-trojan-spreads-through-cutwail-spam-botnet/article/287554/
34. April 5, V3.co.uk – (International) Coca Cola, Credit Suisse and Mercedez-Benz execs caught up in phishing scam. Webroot researchers found Microsoft Access files from major international companies for sale on underground market Web sites, offering executives’ contact information for use in creating more effective phishing attacks. Source: http://www.v3.co.uk/v3-uk/news/2259558/coca-cola-credit-suisse-and-mercedezbenz-execs-caught-up-in-phishing-scam
For another story, see item 9 above in the Banking and Finance Sector
35. April 7, Cranberry Patch; Pittsburgh Post-Gazette– (Pennsylvania) Phone and internet service outage affecting Cranberry businesses. A contractor installing a water line for the town of Cranberry April 5 damaged an underground telephone cable, disrupting Internet and phone services for area businesses. Services were expected to be restored by April 7. Source: http://cranberry.patch.com/articles/phone-and-internet-service-outage-affecting-cranberry-businesses
Department of Homeland Security (DHS)
DHS Daily Open Source Infrastructure Report Contact Information
About the reports - The DHS Daily Open Source Infrastructure Report is a daily [Monday through Friday] summary of open-source published information concerning significant critical infrastructure issues. The DHS Daily Open Source Infrastructure Report is archived for ten days on the Department of Homeland Security Web site: http://www.dhs.gov/IPDailyReport
Content and Suggestions: Send mail to firstname.lastname@example.org or contact the DHS Daily Report Team at (703)387-2314
Subscribe to the Distribution List: Visit the DHS Daily Open Source Infrastructure Report and follow instructions to Get e-mail updates when this information changes.
Removal from Distribution List: Send mail to email@example.com.
To report physical infrastructure incidents or to request information, please contact the National Infrastructure
Coordinating Center at firstname.lastname@example.org or (202) 282-9201.
To report cyber infrastructure incidents or to request information, please contact US-CERT at email@example.com or visit their Web page at www.us-cert.go v.
Department of Homeland Security Disclaimer
The DHS Daily Open Source Infrastructure Report is a non-commercial publication intended to educate and inform personnel engaged in infrastructure protection. Further reproduction or redistribution is subject to original copyright restrictions. DHS provides no warranty of ownership of the copyright, or accuracy with respect to the original source material.