Complete DHS Report for March 26, 2015
Daily Report
Top Stories
· A Romanian national was extradited to the U.S. March 20 to face charges that he
allegedly oversaw a large-scale hacking scheme in which he breached computer systems of
retailers, medical offices, security companies, and individuals’ online accounts.
– NJ.com
See item 4 below in the Financial Services Sector
· Officials are investigating the source of a leak that is causing the loss of more than
600,000 gallons of water a day in Rutland, Vermont, and has been affecting
customers’ water pressure since March 21. – Associated Press; Rutland Herald
17. March 25, Associated Press; Rutland Herald – (Vermont) Vermont city losing
600K-plus gallons of water daily in leak. Officials are investigating the
source of a leak that is causing the loss of more than 600,000 gallons of water
a day in Rutland, Vermont, and has been affecting customers’ water pressure
since March 21. The city’s Public Works Commissioner reported that workers are
inspecting valves, hydrants, and vacant buildings, and announced a plan to
isolate and check 3 transmission lines running from a water plant into the
city. Source: http://abcnews.go.com/US/wireStory/vermont-city-losing-600k-gallons-water-daily-leak-29892445
· Swedesboro-Woolwich School District in New Jersey is investigating an attack on its computer
network after discovering March 21 that the network was down when they received
a ransom message. – South Jersey Times
18. March 24, South Jersey Times – (New Jersey) School district ‘bitcoin
hostage’ situation continues; FBI, Homeland Security investigating. Swedesboro-Woolwich
School District in New Jersey is investigating an attack on its computer
network which caused them to postpone exams after discovering March 21 that
their entire network was down when they received a ransom message requesting
500 bitcoins. The district restored encrypted files and is in the process of
restoring its servers to remove the malware after email communications, online
resources for an exam, Excel spreadsheets, and Adobe PDF files were breached as
well. Source: http://www.nj.com/gloucester-county/index.ssf/2015/03/school_district_bitcoin_hostage_situation_continue.html
· The mayor of the District of Columbia announced March 24 that repair work began on
Washington, D.C.’s emergency computer system used to dispatch firetrucks and
ambulances, and that additional ambulances and other precautions will be put in
place in order to help mitigate the troubled system. – Washington Post
20. March 24, Washington Post – (Washington, D.C.) Widespread problems hampering new 911 fire
dispatch system in D.C. The mayor of the District of Columbia announced
March 24 that repair work began on Washington, D.C.’s emergency computer system
used to dispatch firetrucks and ambulances, and that additional ambulances and
other precautions will be put in place in order to help mitigate the troubled
system. Authorities found that the system has repeatedly malfunctioned since it
was installed in the fall of 2014, slowing response time for emergency personnel.
Source: http://www.washingtonpost.com/local/dc-politics/widespread-problems-hampering-new-911-fire-dispatch-system-in-dc/2015/03/24/345e16d0-d23c-11e4-a62f-ee745911a4ff_story.html
Financial Services Sector
4. March 23, NJ.com – (International) Alleged hacker brought to N.J. on
charges of large-scale identity theft. A Romanian national was extradited
to the U.S. March 20 to face charges that he allegedly oversaw a large-scale
computer hacking scheme in which he breached computer systems of retailers,
medical offices, security companies, and individuals’ online accounts to obtain
several thousand user names, passwords, and payment card numbers from 2011 –
2014, including 10,000 credit and debit cards from one victim alone. Source: http://www.nj.com/news/index.ssf/2015/03/alleged_hacker_brought_to_nj_on_charges_of_large-s.html
For another story, see item 18 above in Top Stories
Information Technology Sector
22. March 25, Securityweek – (International) Over 15,000 vulnerabilities detected in 2014:
Secunia. Secunia released its annual vulnerability review and found that
15,435 vulnerabilities across 3,870 applications from 500 vendors were
discovered in 2014, 11 percent of which were considered highly critical while
.3 percent were rated extremely critical. The report also states that over 60
percent of attacks occurred through remote networks making it the most common
attack vector, among other trends. Source: http://www.securityweek.com/over-15000-vulnerabilities-detected-2014-secunia
23. March 25, Help Net Security – (International) Half of all Android devices vulnerable to
installer hijacking attacks. Security researchers at Palo Alto Networks
discovered that a critical Android vulnerability, discovered over a year ago and
dubbed “Android Installer Hijacking,” can allow attackers to completely
compromise devices by changing or replacing seemingly legitimate applications
with malware during installation without users’ knowledge. The flaw affects all
devices running Android versions 4.2 and earlier, and some running version 4.3.
Source: http://www.net-security.org/secworld.php?id=18133
24. March 24, Softpedia – (International) Yebot backdoor built for wide range of
malicious operations. Security researchers from Dr.Web discovered that a
backdoor trojan dubbed Yebot can run file transfer protocol (FTP) and socket
secure (SOCKS) 5 proxy servers, gain remote access to systems through a remote
desktop protocol (RDP), capture keystrokes and screenshots, intercept system
functions, change code of running processes, search for private keys, and
intercept all features associated with Web browsing. The trojan infects
computers by injecting code into four Microsoft Windows processes before
downloading and decrypting its contents and running in memory. Source: http://news.softpedia.com/news/Yebot-Backdoor-Built-for-a-Slew-of-Malicious-Operations-476654.shtml
25. March 24, Softpedia – (International) Leaked full version of NanoCore RAT used to
target energy companies. Security researchers at Symantec identified that
approximately 40 percent of systems infected by the widely-available NanoCore
remote access trojan (RAT) delivered by a malicious rich text format (RTF) or
Microsoft Word file that exploits an old vulnerability in Windows Common
Controls ActiveX component since January 2014 were in the U.S., while
cyber-criminals have been employing the malware in targeted attacks on energy
companies in Asia and the Middle East since March 6. Source: http://news.softpedia.com/news/Leaked-Full-Version-of-NanoCore-RAT-Used-to-Target-Energy-Companies-476606.shtml
26. March 24, Softpedia – (International) Over 22.5 million PUAs detected last month by
antivirus vendor. Germany-based Avira reported that the company’s antivirus
software detected over 22.5 million potentially unwanted applications (PUAs)
and highlighted five as the most prevalent in February that could inject
malicious code, request sensitive information from users, or extract
information without their consent. Source: http://news.softpedia.com/news/Over-22-5-Million-PUAs-Detected-Last-Month-by-Antivirus-Vendor-476650.shtml
For another story, see item 4 above in the Financial Services Sector
Communications Sector
See item 23 above in the Information Technology Sector