Thursday, March 26, 2015



Complete DHS Report for March 26, 2015

Daily Report

Top Stories

 · A Romanian national was extradited to the U.S. March 20 to face charges that he allegedly oversaw a large-scale hacking scam in which he breached computer systems of retailers, medical offices, security companies, and individuals’ online accounts. – NJ.com See item 4 below in the Financial Services Sector

 · Officials are investigating the source of a leak that is causing the loss of more than 600,000 gallons of water a day in Rutland, Vermont, and has been affecting customers’ water pressure since March 21. – Associated Press; Rutland Herald

17. March 25, Associated Press; Rutland Herald – (Vermont) Vermont city losing 600K-plus gallons of water daily in leak. Officials are investigating the source of a leak that is causing the loss of more than 600,000 gallons of water a day in Rutland, Vermont, and has been affecting customers’ water pressure since March 21. The city’s Public Works Commissioner reported that workers are inspecting valves, hydrants, and vacant buildings, and announced a plan to isolate and check 3 transmission lines running from a water plant into the city. Source: http://abcnews.go.com/US/wireStory/vermont-city-losing-600k-gallons-water-daily-leak-29892445

 · Swedesboro-Woolwich School District in New Jersey is investigating an attack on its computer network after discovering March 21 that the network was down when they received a ransom message. – South Jersey Times

18. March 24, South Jersey Times – (New Jersey) School district ‘bitcoin hostage’ situation continues; FBI, Homeland Security investigating. Swedesboro-Woolwich School District in New Jersey is investigating an attack on its computer network which caused them to postpone exams after discovering March 21 that their entire network was down when they received a ransom message requesting 500 bitcoins. The district restored encrypted files and is in the process of restoring its servers to remove the malware after email communications, online resources for an exam, Excel spreadsheets, and Adobe PDF files were breached as well. Source: http://www.nj.com/gloucester-county/index.ssf/2015/03/school_district_bitcoin_hostage_situation_continue.html

 · The mayor of the District of Columbia announced March 24 that repair work began on Washington, D.C.’s emergency computer system used to dispatch firetrucks and ambulances, and that additional ambulances and other precautions will be put in place in order to help mitigate the troubled system. – Washington Post

20. March 24, Washington Post – (Washington, D.C.) Widespread problems hampering new 911 fire dispatch system in D.C. The mayor of the District of Columbia announced March 24 that repair work began on Washington, D.C.’s emergency computer system used to dispatch firetrucks and ambulances, and that additional ambulances and other precautions will be put in place in order to help mitigate the troubled system. Authorities found that the system has repeatedly malfunctioned since it was installed in the fall of 2014, slowing response time for emergency personnel. Source: http://www.washingtonpost.com/local/dc-politics/widespread-problems-hampering-new-911-fire-dispatch-system-in-dc/2015/03/24/345e16d0-d23c-11e4-a62f-ee745911a4ff_story.html

Financial Services Sector

4. March 23, NJ.com – (International) Alleged hacker brought to N.J. on charges of large-scale identity theft. A Romanian national was extradited to the U.S. March 20 to face charges that he allegedly oversaw a large-scale computer hacking scheme in which he breached computer systems of retailers, medical offices, security companies, and individuals’ online accounts to obtain several thousand user names, passwords, and payment card numbers from 2011 – 2014, including 10,000 credit and debit cards from one victim alone. Source: http://www.nj.com/news/index.ssf/2015/03/alleged_hacker_brought_to_nj_on_charges_of_large-s.html

For another story, see item 18 above in Top Stories

Information Technology Sector

22. March 25, Securityweek – (International) Over 15,000 vulnerabilities detected in 2014: Secunia. Secunia released its annual vulnerability review and found that 15,435 vulnerabilities across 3,870 applications from 500 vendors were discovered in 2014, 11 percent of which were considered highly critical while 0.3 percent were rated extremely critical. The report also states that over 60 percent of attacks occurred through remote networks, making it the most common attack vector, among other trends. Source: http://www.securityweek.com/over-15000-vulnerabilities-detected-2014-secunia

23. March 25, Help Net Security – (International) Half of all Android devices vulnerable to installer hijacking attacks. Security researchers at Palo Alto Networks discovered that a critical Android vulnerability, discovered over a year ago and dubbed “Android Installer Hijacking,” can allow attackers to completely compromise devices by changing or replacing seemingly legitimate applications with malware during installation without users’ knowledge. The flaw affects all devices running Android versions 4.2 and earlier, and some running version 4.3. Source: http://www.net-security.org/secworld.php?id=18133

24. March 24, Softpedia – (International) Yebot backdoor built for wide range of malicious operations. Security researchers from Dr.Web discovered that a backdoor trojan dubbed Yebot can run file transfer protocol (FTP) and socket secure (SOCKS) 5 proxy servers, gain remote access to systems through a remote desktop protocol (RDP), capture keystrokes and screenshots, intercept system functions, change code of running processes, search for private keys, and intercept all features associated with Web browsing. The trojan infects computers by injecting code into four Microsoft Windows processes before downloading and decrypting its contents and running in memory. Source: http://news.softpedia.com/news/Yebot-Backdoor-Built-for-a-Slew-of-Malicious-Operations-476654.shtml

25. March 24, Softpedia – (International) Leaked full version of NanoCore RAT used to target energy companies. Security researchers at Symantec identified that approximately 40 percent of systems infected by the widely available NanoCore remote access trojan (RAT), delivered by a malicious rich text format (RTF) or Microsoft Word file that exploits an old vulnerability in the Windows Common Controls ActiveX component, since January 2014 were in the U.S., while cyber-criminals have been employing the malware in targeted attacks on energy companies in Asia and the Middle East since March 6. Source: http://news.softpedia.com/news/Leaked-Full-Version-of-NanoCore-RAT-Used-to-Target-Energy-Companies-476606.shtml

26. March 24, Softpedia – (International) Over 22.5 million PUAs detected last month by antivirus vendor. Germany-based Avira reported that the company’s antivirus software detected over 22.5 million potentially unwanted applications (PUAs) and highlighted five as the most prevalent in February that could inject malicious code, request sensitive information from users, or extract information without their consent. Source: http://news.softpedia.com/news/Over-22-5-Million-PUAs-Detected-Last-Month-by-Antivirus-Vendor-476650.shtml

For another story, see item 4 above in the Financial Services Sector

Communications Sector

See item 23 above in the Information Technology Sector