Complete DHS Report for December 30, 2016
• Troy, Michigan-based United Shore Financial Services LLC agreed December 28 to pay $48 million to resolve alleged violations of the False Claims Act by deliberately originating and underwriting federally insured mortgage loans. – U.S. Department of Justice See item 2 below in the Financial Services Sector
• The owner and marketing director of Salon Success Strategies was arrested December 21 in Roseville, California, for allegedly bilking 10 or more of her clients’ customers out of more than $100,000 since 2014. – Sacramento Bee See item 3 below in the Financial Services Sector
• A Romanian citizen pleaded guilty December 28 to stealing $127,000 through skimming devices on bank ATMs in Chatham and Delmar, New York, and in Great Barrington, Massachusetts, between August and October 2015. – Albany Times Union See item 4 below in the Financial Services Sector
• The U.S. President designated December 28 Bears Ears National Monument in Utah, which will span 1.35 million acres of tribal land in the Four Corners region of the State. – Associated Press
15. December 29, Associated Press – (Utah; Nevada) President designates Bears Ears National Monument in Utah. The U.S. President designated December 28 Bears Ears National Monument in Utah, which will span 1.35 million acres of tribal land in the Four Corners region of the State as part of an effort to ensure protections for lands that are home to roughly 100,000 archaeological sites. The U.S. President also designated the Gold Butte National Monument near Las Vegas, which will cover 300,000 acres of ecologically fragile land. Source: http://www.nbc11news.com/content/news/408552945.html
Financial Services Sector
2. December 28, U.S. Department of Justice – (National) United Shore Financial Services LLC agrees to pay $48 million to resolve alleged False Claims Act liability arising from FHA-insured mortgage lending. Troy, Michigan-based United Shore Financial Services LLC (USFS) agreed December 28 to pay $48 million to resolve alleged violations of the False Claims Act by deliberately originating and underwriting mortgage loans insured by the U.S. Department of Housing and Urban Development (HUD)’s Federal Housing Administration (FHA) from January 2006 – December 2011 that did not meet relevant requirements, causing HUD to insure hundreds of loans approved by USFS that were not eligible for FHA mortgage insurance under the Direct Endorsement program. As part of the settlement, USFS admitted it inappropriately pressured underwriters to approve FHA mortgages, and falsely certified that direct endorsement underwriters personally reviewed appraisal reports before USFS approved and endorsed mortgages for FHA insurance, among other violations. Source: https://www.justice.gov/opa/pr/united-shore-financial-services-llc-agrees-pay- 48-million-resolve-alleged-false-claims-act
3. December 28, Sacramento Bee – (International) Roseville police: Woman ran up fraudulent credit card charges of salon, day spa customers. The owner and marketing director of Salon Success Strategies was arrested December 21 in Roseville, California, for allegedly bilking 10 or more of her clients’ customers in California, Florida, Canada, and Australia out of more than $100,000 by fraudulently charging their credit cards since 2014.
4. December 28, Albany Times Union – (Massachusetts; New York) Feds: ATM skimmer admits stealing $127,000. A Romanian citizen pleaded guilty December 28 to stealing $127,000 through skimming devices he and a co-conspirator installed on ATMs at First Niagara Bank, TrustCo Bank, and Berkshire Bank branches in Chatham and Delmar, New York, and in Great Barrington, Massachusetts, between August and October 2015. Source: http://www.timesunion.com/local/article/Feds-ATM-skimmer-admits-stealing- 127-000-10823421.php
For another story, see item 18 below from the Commercial Facilities Sector
18. December 29, SecurityWeek – (National) InterContinental Hotels investigating possible card breach. InterContinental Hotels Group PLC (IHG) announced December 29 it is investigating a possible payment card breach at some of its U.S. locations after the firm was notified of a report of unauthorized charges occurring on customers’ debit and credit cards that were used at the company’s properties. IHG officials advised customers to monitor their payment card statements until the investigation is completed.
Information Technology Sector
16. December 28, SecurityWeek – (International) Destructive KillDisk malware turns into ransomware. A CyberX security researcher reported that a recently observed variant of the KillDisk malware encrypts each file with a specific Advanced Encryption Standard (AES) key, which are subsequently encrypted using an RSA 1028 key stored in the body of the malware, and holds the files for ransom instead of deleting them. The ransomware is designed to encrypt select types of files, including source code, emails and media files, and documents, among other file types, and requires elevated privileges.
17. December 28, SecurityWeek – (International) Vulnerabilities plague PHP 7’s unserialize mechanism. Check Point security researchers reported that PHP 7’s unserialize function is plagued with three vulnerabilities that can be exploited to read memory, forge objects, and achieve code execution on the impacted server. The researchers found that the first two flaws could enable a malicious actor to take total control of the affected server, while the third flaw can be used to create a denial-of-service (DoS) attack.
For another story, see item 13 below from the Healthcare and Public Health Sector
13. December 29, SecurityWeek – (National) FDA releases guidance for medical device cybersecurity. The U.S. Food and Drug Administration (FDA) released December 29 guidance on the management of cybersecurity risks for medical devices after they have been deployed on a patient’s home network, in a patient’s body, or on a hospital’s network, which advises medical device manufacturers to establish and maintain a process for detecting cybersecurity holes in their devices, evaluating and controlling the associated risks, and deploying hardware and software patches and updates before the vulnerabilities are exploited. The guidance states that manufacturers do not need to report the vulnerabilities to the FDA unless they result in patient death or other adverse events, or cannot be patched within 60 days.
Nothing to report
Complete DHS Report for December 29, 2016
• An operator at PDC Capital Group, LLC was charged December 27 after he allegedly used the firm to defraud investors in China into investing $72 million in EB-5 projects. – U.S. Securities and Exchange Commission See item 3 below in the Financial Services Sector
• Port Huron, Michigan officials reported that approximately 5,000 gallons of combined wastewater overflowed into the Black River December 26. – Port Huron Times Herald
11. December 28, Port Huron Times Herald – (Michigan) Wastewater discharges into Black River. The Port Huron Wastewater Treatment Plant in Michigan reported that approximately 5,000 gallons of combined wastewater, including roughly 500 gallons of sanitary wastewater, overflowed into the Black River by Riverside Drive at McPherson Street December 26. Source: http://www.thetimesherald.com/story/news/local/port-huron/2016/12/28/wastewater-discharges-into-black-river/95907174/
• Officials announced December 27 that the personal information of 15,000 people may have been compromised after a former patient at the New Hampshire Hospital in Concord accessed the information and posted it on the Internet in October 2015. – Associated Press
12. December 27, Associated Press – (New Hampshire) New Hampshire psychiatric patient accused of data breach. The commissioner of the New Hampshire Department of Health and Human Services announced December 27 that the personal information of 15,000 people who have received department services may have been compromised after a former patient at the New Hampshire Hospital in Concord accessed the information using a computer in the facility’s library and posted it on the Internet in October 2015. There is no evidence that the data was misused or that banking information was accessed during the breach. Source: http://www.dailyprogress.com/new-hampshire-psychiatric-patient-accused-of-data-breach/article_8b048ffe-abd5-5d6e-8854-d874962d9125.html
• The former treasurer of Ballard County, Kentucky, pleaded guilty December 27 for her role in a scheme where she obtained roughly $450,000 in bank loans without authorization from the county’s Fiscal Court. – Glasgow Daily Times
13. December 28, Glasgow Daily Times – (Kentucky) Former Ballard County treasurer guilty of bank and wire fraud. The former treasurer of Ballard County, Kentucky, pleaded guilty December 27 for her role in a scheme where she obtained roughly $450,000 in bank loans using a $500,000 Ballard County Certificate of Deposit as collateral without authorization from the county’s Fiscal Court and deceived the court about the loans by failing to report the loans and concealing the loan’s proceeds. The former treasurer also routinely wrote checks to herself for fraudulent medical reimbursement payments that totaled more than $27,000.
Financial Services Sector
3. December 27, U.S. Securities and Exchange Commission – (International) SEC charges lawyer with stealing investor money in EB-5 offerings. A California-based attorney and operator of marketing firm PDC Capital Group, LLC was charged December 27 after he allegedly used PDC Capital to defraud investors in China into investing $72 million in several EB-5 immigrant investor program projects, which included opening Caffe Primo restaurants, and developing assisted living facilities, among other projects, and then outright stole at least $9.6 million to fund his own businesses and personal expenses despite his supposed awareness that his actions would violate Federal regulations and jeopardize the visas of the foreign investors.Source: https://www.sec.gov/news/pressrelease/2016-281.html
For another story, see item 13 above in Top Stories
Information Technology Sector
16. December 27, SecurityWeek – (International) IBM reports significant increase in ICS attacks. IBM Managed Security Services reported that the number of attacks targeting industrial control systems (ICS) increased by 110 percent in 2016 compared to 2015 due to brute force attacks on supervisory control and data acquisition (SCADA) systems. IBM stated that the U.S. was both the top destination and top source of ICS attacks observed since the beginning of 2016, with nearly 90 percent of ICS attacks targeting the U.S. and 60 percent coming from the U.S.
17. December 28, SecurityWeek – (International) “Switcher” Android trojan hacks routers, hijacks traffic. Kaspersky Lab researchers discovered an Android trojan, dubbed Switcher is concealed as an Android client for the Chinese search engine, Baidu, and a Chinese app for sharing Wi-Fi network details, and once installed, guesses the username and password of the router that the infected Android device is connected to in order to hack the router and replace the device’s primary and secondary Domain Name System (DNS) servers with Internet Protocol (IP) addresses leading to rogue DNS servers in order to redirect traffic to a malicious Website. The researchers warned that Switcher targets the entire network and exposes all users to a variety of secondary attacks.