Complete DHS Report for April 18, 2016
Daily Report
Top Stories
•IBM Security researchers discovered a hybrid trojan, dubbed
“GozNym,” that is similar to the Nymaim dropper and the Gozi financial malware and is
believed to have stolen millions of dollars from 22 financial institutions in
the U.S. and Canada. – SecurityWeek See item 6 below in
the Financial Services Sector
•A Washington Metropolitan
Area Transit Blue Line train stalled in a tunnel near the Rosslyn station in
Virginia April 14, leaving between 100 and 200 riders trapped for more than 1
hour. – WTTG 5 Washington, D.C.
9. April 14,
WTTG 5 Washington, D.C. – (Virginia) Metro train gets stuck in
tunnel near Rosslyn, all passengers evacuated safely. A train on the
Washington Metropolitan Area Transit Authority’s Blue Line stalled in a tunnel
near the Rosslyn station in Virginia April 14, leaving between 100 and 200
riders trapped for more than 1 hour before officials hauled the train out of
the tunnel and evacuated riders. The disabled train was towed from the station.
•A former owner of Medistat Group Associates in Dallas was
convicted April 13 for falsely billing Medicaid and Medicare nearly $375
million after he and 6 other co-conspirators certified 11,000 Medicare
beneficiaries through more than 500 home health providers from January 2006 –
November 2011. – Associated Press
17. April 14,
Associated Press – (Texas) Jury convicts Texas doctor in biggest home health
care fraud. A doctor and former owner of Medistat Group Associates in
Dallas was convicted April 13 for his role in a false claims scheme that billed
Medicaid and Medicare nearly $375 million after he and at least 6 other
co-conspirators recruited Medicare clients to sign up for home health care
services, falsified records to show that nursing services were being rendered,
and performed unnecessary home visits and ordered unnecessary medical services.
The doctor and co-defendants certified 11,000 Medicare beneficiaries through
more than 500 home health providers between January 2006 and November 2011. Source:
http://www.foxnews.com/health/2016/04/14/jury-convicts-texas-doctor-in-biggest-home-health-care-fraud.html
•Michigan officials reported
that 2 men were charged with conspiracy to commit fraud and interstate
transportation of stolen goods April 14 after the duo allegedly ordered 193
Apple iPhones, worth $180,000, using Amway’s identity. – Grand Rapids Press
27. April 14,
Grand Rapids Press – (Michigan) 2 indicted in $180,000 iPhone mail fraud scheme. The
U.S. District Court in Grand Rapids, Michigan, reported that 2 men were charged
with conspiracy to commit wire fraud, mail fraud, and interstate transportation
of stolen goods April 14 after the two allegedly ordered 193 Apple iPhones,
worth $180,000, by impersonating Amway’s employees and gaining the company’s
account information, which was later used to intercept packages during FedEx
deliveries. Source: http://www.mlive.com/news/grand-rapids/index.ssf/2016/04/2_indicted_in_180000_iphone_ma.html
Financial Services Sector
4. April 14,
U.S. Securities and Exchange Commission – (Vermont) SEC case freezes
assets of ski resort steeped in fraudulent EB-5 offerings. The U.S.
Securities and Exchange Commission charged two owners of Jay Peak Inc. and its
eight business partners April 14 with conducting a Ponzi-like fraud scheme after
the group misused more than $350,000 million raised through
investments solicited under the EB-5 Immigrant Investor Program, using
the funds for personal expenses and other-than-stated purposes while omitting
key information and making false statements to investors in an effort to
construct ski resort facilities and a biomedical research facility in Vermont. Source:
https://www.sec.gov/news/pressrelease/2016-69.html
5. April 14,
San Francisco Chronicle – (California) 9 charged in alleged San Jose
car insurance fraud ring. The Santa Clara County District Attorney’s Office
reported April 13 that a San Jose body shop manager, his girlfriend, and seven
other body shop owners were charged with insurance fraud after the group
allegedly made more than $140,000 by filing false insurance claims following
the group’s fabrication of over 20 vehicle accidents listed under counterfeit
names from 2011 – 2015. The group purchased the insurance policies days before
each incident and purposely damaged each car to file claims with several
insurance companies. Source: http://www.sfgate.com/crime/article/9-charged-in-alleged-San-Jose-car-insurance-fraud-7250094.php
6. April 14,
SecurityWeek – (International) Hybrid trojan “GozNym” targets North American
banks. Researchers from IBM Security discovered a hybrid trojan, dubbed
“GozNym,” which was reported to be similar to the Nymaim dropper and the Gozi
financial malware. It leverages the Nymaim dropper’s stealth and persistence while
adding trojan capabilities from Gozi’s ISFB parts to facilitate fraud via
infected Internet browsers. The trojan is believed to have stolen millions of
dollars from victims, targeting 22 financial institutions in the U.S. and
Canada including banks, credit unions, e-commerce platforms, and retail
banking.
Information Technology Sector
22. April 15,
SecurityWeek – (International) No patches for QuickTime Flaws as Apple ends
support on Windows. ZDI reported that Apple will no longer release security
updates for Windows versions of QuickTime after a security researcher from
Source Incite found a heap corruption vulnerability that could allow an
attacker to achieve remote code execution (RCE) once a victim
accesses a maliciously crafted Web site or file. Apple released instructions on
ways to remove QuickTime for Windows users and advised users to remove legacy
plugins to enhance their personal computer (PC) security.
23. April 15,
Softpedia – (International) Google, Microsoft address problems in their URL
shorteners. An independent security researcher and a professor at Cornell
Tech discovered that many Uniform Resource Locator (URL) shortening services
used by Google and Microsoft employ short random character tokens that can
allow an attacker to reach potentially private files holding sensitive
information using brute-force attacks. The researchers found the flaw after
beginning a series of automated scans on Microsoft’s 1drv.com, whose
small 6-character URLs proved exceptionally easy to brute-force. Source: http://news.softpedia.com/news/google-microsoft-address-problems-in-their-url-shorteners-503007.shtml
24. April 14,
SecurityWeek – (International) Clever techniques help malware evade AV
engines. Security researchers from FireEye released a study titled “Ghost
in the Endpoint,” which revealed that various components of malware went
undetected by antivirus programs for an extended period of time, including a
backdoor dubbed “GOODTIMES,” which went undetected because it was disguised as
an Excel file (XLSX) while leveraging a Flash Player exploit.
25. April 14,
Softpedia – (International) Lizard Squad downs Blizzard servers with
massive DDoS attacks. A Blizzard spokesman reported that its European and
U.S. servers that host games such as World of Warcraft, Diablo 3, and Starcraft
2 experienced connectivity and latency issues for several hours April 14
following a potential distributed denial-of-service (DDoS) attack allegedly conducted by
the Lizard Squad hacking group. Blizzard technical support was working to mitigate
the impact of the attacks. Source: http://news.softpedia.com/news/lizard-squad-downs-blizzard-servers-with-massive-ddos-attacks-502977.shtml
26. April 14,
Softpedia – (International) Microsoft issues optional Windows update to
fix MouseJack vulnerability. Microsoft released its monthly security
updates addressing several vulnerabilities, including a flaw dubbed MouseJack,
after security researchers from Bastille found an attacker could spoof data
from a wireless device and force the Universal Serial Bus (USB) dongle to send
fraudulent instructions to the connected personal computer (PC) and execute
malicious actions. Source: http://news.softpedia.com/news/microsoft-issues-optional-windows-update-to-fix-mousejack-vulnerability-502962.shtml
For another story, see item 6 above in the Financial
Services Sector
Communications Sector
Nothing to report