Wednesday, October 29, 2014



Complete DHS Report for October 29, 2014

Daily Report

Top Stories

 · Eleven people were sent to an area hospital after a gas leak from a pressurized tank in a backyard that prompted the closure of Abraham Lincoln High School in Riverside, California, October 27. – Riverside Press-Enterprise
20. October 27, Riverside Press-Enterprise – (California) Riverside: Gas leak sends 11 to hospital; quarantine lifted. Eleven people were sent to an area hospital for observation following a gas leak from a pressurized tank in a backyard that prompted the closure of Abraham Lincoln High School in Riverside October 27, as well as the temporary quarantine of several blocks surrounding the tank. The containment order was lifted after authorities removed the source of the gas and sealed the leak which was caused by a corroded valve. Source: http://www.pe.com/articles/gas-752847-school-unknown.html

 · FireEye reported on an advanced persistent threat (APT) actor dubbed APT28, stating that the group used the Sourface downloader and the Chopstick and EvilToss malware to attack governments and national and international organizations. – The Register. See item 23 below in the Information Technology Sector
 
 · Researchers reported on an advanced persistent threat (APT) group that has used the Hikit malware family to target government agencies, law enforcement, aerospace, manufacturers, media, communications, pharmaceutical, energy, educational, and other institutions in the U.S. and several other countries since 2008. – Softpedia. See item 26 below in the Information Technology Sector

 · The National Weather Service's satellite data feed was restored October 23 after an outage of more than a day that began when the agency stopped receiving weather data from a network of satellites. – Fierce Government IT. See item 28 below in the Communications Sector
 
Financial Services Sector

3. October 27, Softpedia – (International) Banking trojan Dridex delivered through Microsoft Word macros. Researchers with Palo Alto Networks found that the Dridex banking malware is being distributed via Microsoft Word documents containing malicious macros in a campaign that began October 21. The malicious documents are sent in fake invoice emails and mainly target users in the U.S. Source: http://news.softpedia.com/news/Banking-Trojan-Dridex-Delivered-Through-Microsoft-Word-Macros-463259.shtml

For another story, see item 7 below from the Transportation Systems Sector

7. October 27, Securityweek – (Delaware; New Jersey) Attackers breach PoS systems of Delaware Ferry service. Officials from the Delaware River and Bay Authority announced October 24 that the payment card data of customers who made purchases at Cape May-Lewes Ferry terminals and vessels in Delaware and New Jersey may have been compromised due to a possible data breach detected July 30. Customers who purchased food, beverages, and retail items between September 30, 2013 and August 7, 2014 may be affected. Source: http://www.securityweek.com/attackers-breach-pos-systems-delaware-ferry-service

Information Technology Sector

23. October 28, The Register – (International) EvilToss and Sourface hacker crew ‘likely’ backed by Kremlin - FireEye. FireEye released a report on an advanced persistent threat (APT) actor dubbed APT28, stating that the group used the Sourface downloader and the Chopstick and EvilToss malware to attack NATO, Eastern European governments, European defense industry events, the World Bank, and other national and international organizations. The researchers stated that APT28 has been active since 2007 and was likely backed by the Russian government. Source: http://www.theregister.co.uk/2014/10/28/us_mandiant_claims_moscow_sponsoring_apt_28_hacker_group/

24. October 28, Securityweek – (International) Attackers exploit ShellShock via SMTP to distribute malware. Binary Defense Systems researchers reported that attackers are leveraging the ShellShock vulnerability in GNU Bash to target servers by adding the ShellShock payload to email subject, from, and to fields, abusing the Simple Mail Transfer Protocol (SMTP). If a system is compromised, a Perl-based IRC bot is downloaded and the SMTP gateway is added to a botnet designed for distributed denial of service (DDoS) attacks. Source: http://www.securityweek.com/attackers-exploit-shellshock-smtp-distribute-malware
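The item above describes the mechanism only in outline: the Shellshock trigger is placed in SMTP header fields (Subject, From, To) so that a mail gateway that passes header values into Bash environment variables executes it. The following detection routine is an added example, not code from the article or from Binary Defense Systems; it scans header lines for the Bash function-definition prefix that every Shellshock variant must begin with, and the sample header lines are constructed for the demonstration (the `echo test` string is the harmless public test payload, not an attack). Field names and the `find_shellshock_headers` helper are this example's own choices.

```python
import re

# Constructed sample header lines (not captured traffic). Two carry the
# Shellshock function-definition prefix in watched fields, one carries it in
# an unwatched field, and one contains a benign "()" with no "{" after it.
SAMPLE_HEADERS = [
    "From: billing@example.org",
    "To: helpdesk@example.net",
    "Subject: Invoice 4471 attached",
    "Subject: () { :;}; echo test",        # classic form, with spaces
    "From: () {:;}; echo test",            # no-space variant, same trigger
    "Subject: see notes() from meeting",   # benign: "()" not followed by "{"
    "X-Custom: () { :;}; echo test",       # not in the fields the item names
]

# Every Shellshock payload starts with "()" followed by "{" (optionally with
# whitespace between), because that is what Bash parses as a function
# definition when importing the environment. Match on that, not on any
# specific command that follows it.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{")

# The article names Subject, From and To as the abused fields. Broaden this
# set to cover every header if your gateway exports more of them to scripts.
WATCHED_FIELDS = {"subject", "from", "to"}


def parse_header(line):
    """Split one 'Name: value' header line into (lowercased name, value).

    Returns None for lines without a colon, so continuation lines and
    blank lines are ignored rather than misparsed.
    """
    name, sep, value = line.partition(":")
    if not sep:
        return None
    return name.strip().lower(), value.strip()


def find_shellshock_headers(lines):
    """Return (field, value) pairs for watched header fields whose value
    contains the Shellshock function-definition prefix."""
    hits = []
    for line in lines:
        parsed = parse_header(line)
        if parsed is None:
            continue
        name, value = parsed
        if name in WATCHED_FIELDS and SHELLSHOCK_RE.search(value):
            hits.append((name, value))
    return hits


if __name__ == "__main__":
    for field, value in find_shellshock_headers(SAMPLE_HEADERS):
        print(f"ALERT Shellshock prefix in {field!r}: {value!r}")
```

Detection of this kind is a backstop, not a fix: the item's real mitigation is patching Bash on the mail gateway (and any filter, CGI or DHCP client that hands untrusted strings to Bash), after which the injected string is treated as data. The pattern check is deliberately loose (`\(\)\s*\{`), so expect it to flag any header that happens to contain an empty parenthesis pair followed by a brace; that is a cheap false positive to triage, whereas matching on a particular command would miss every other payload.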

25. October 28, IDG News Service – (International) ‘ScanBox’ keylogger targets Uyghurs, US think tank, hospitality industry. Researchers at PricewaterhouseCoopers found that the ScanBox keylogging framework may be in use by several attacker groups after it was found performing keylogging attacks on a variety of Web sites, including a U.S. think tank and other sites. ScanBox was first discovered in August and uses JavaScript rather than installed malware to collect keystrokes and other information. Source: http://www.networkworld.com/article/2839600/security/scanbox-keylogger-targets-uyghurs-us-think-tank-hospitality-industry.html

26. October 28, Softpedia – (International) Sophisticated Chinese espionage group after Western advanced technology. A group of security and information technology companies coordinated by Novetta released a report into an advanced persistent threat (APT) group dubbed Axiom Group that has used the Hikit malware family and other tools to target government agencies, law enforcement, aerospace, manufacturers, media, communications, pharmaceutical, energy, educational, and other institutions in the U.S. and several other countries since 2008. The researchers stated that the group originates in China and appears to choose targets in line with Chinese government policies. Source: http://news.softpedia.com/news/Sophisticated-Chinese-Espionage-Group-After-Western-Advanced-Technology-463348.shtml

27. October 27, Securityweek – (International) Targeted attacks against businesses jump: Kaspersky Lab. Kaspersky Lab and B2B International released the results of a survey covering 3,900 respondents in 27 countries and found that 94 percent of businesses surveyed reported at least one cybersecurity incident in the past 12 months, with 12 percent of the countries surveyed reporting one or more targeted attacks, among other findings. Source: http://www.securityweek.com/targeted-attacks-against-businesses-jump-kaspersky-lab

Communications Sector

28. October 27, Fierce Government IT – (Maryland) National Weather Service suffers satellite data outage, potentially affecting forecast quality. The National Weather Service's satellite data feed was restored October 23 after an outage of more than a day that began when the agency stopped receiving weather data from a network of satellites October 21. The agency stated that the outage could potentially affect forecast quality. Source: http://www.fiercegovernmentit.com/story/national-weather-service-suffers-satellite-data-outage-potentially-affectin/2014-10-27

For another story, see item 26 above in the Information Technology Sector