Tuesday, July 12, 2016



Complete DHS Report for July 12, 2016

Daily Report

Top Stories

• Security researchers from IBM’s X-Force Research reported that the GootKit trojan, which targets banks internationally, has updated its source and mode of operation to avoid antivirus detection by changing its installation method. – Softpedia. See item 4 below in the Financial Services Sector.

• The FBI offered a reward July 8 in exchange for information leading to the capture of a man dubbed the “Hipster Bandit” who is suspected of robbing eight banks and attempting to rob two others in San Diego County since September 2015. – KNSD 39 San Diego. See item 5 below in the Financial Services Sector.

• Officials announced July 11 that 2 Alabama campers were arrested for arson in the Cold Springs Fire which grew to 538 acres and forced the evacuation of nearly 2,000 residents near Boulder County, Colorado. – KUSA 9 Denver

22. July 11, KUSA 9 Denver – (Colorado) 2 campers arrested for arson in Cold Springs Fire. The Boulder County Sheriff’s Office announced July 11 that 2 Alabama campers were arrested for arson in the Cold Springs Fire which grew to 538 acres and forced the evacuation of nearly 2,000 residents near Boulder County, Colorado. Source: http://www.9news.com/news/local/wildfires/2-campers-arrested-for-arson-in-cold-springs-fire/268906229

• Omni Hotels & Resorts reported July 8 that its point-of-sale (PoS) systems were allegedly compromised after it discovered malware attacks on its network May 30, which were intended to collect payment card data. – IDG News Service

25. June 11, IDG News Service – (National) Omni Hotels was hit by point-of-sale malware. Omni Hotels & Resorts reported July 8 that its point-of-sale (PoS) systems were allegedly compromised after it discovered malware attacks on its network May 30, which were intended to collect certain payment card information including cardholder names, credit/debit card numbers, security codes, and expiration dates. The luxury hotel did not disclose how many of its 60 properties were affected.

Financial Services Sector

4. July 11, Softpedia – (International) GootKit banking trojan receives massive update. Security researchers from IBM’s X-Force Research reported that the GootKit trojan, which targets banks internationally, has updated its source and mode of operation to avoid antivirus detection by changing its installation method to use scheduled tasks that run every minute, allowing the trojan to run with least-privilege user accounts (LUA) and administrator accounts.

5. July 8, KNSD 39 San Diego – (California) FBI seeks ‘Hipster Bandit,’ offers $20K reward. The FBI offered a reward July 8 in exchange for information leading to the capture of a man dubbed the “Hipster Bandit” who is suspected of robbing eight banks and attempting to rob two others in San Diego County since September 2015, including a Wells Fargo Bank branch July 2.

6. July 7, U.S. Attorney’s Office, District of Connecticut – (Connecticut) Norwich resident admits role in insurance fraud scheme. A Norwich, Connecticut resident pleaded guilty July 7 for his role in an insurance fraud scheme where he and co-conspirators staged approximately 50 car crashes in southeastern Connecticut, and filed fraudulent property damage and bodily injury claims with various automobile insurance companies in order to collect up to $30,000 in insurance payouts per fraudulent claim between April 2011 and February 2014. Source: https://www.justice.gov/usao-ct/pr/norwich-resident-admits-role-insurance-fraud-scheme

Information Technology Sector

24. July 11, Softpedia – (International) MIUI vulnerability affects millions of Xiaomi Android devices. Security researchers from IBM’s Security Intelligence team reported that a remote code execution (RCE) vulnerability exists in the MIUI analytics component in versions prior to MIUI Global Stable 7.2 after researchers discovered that the self-update mechanism can be hijacked via a Man-in-the-Middle (MitM) attack and used to deliver malicious update packages. The analytics package uses Hypertext Transfer Protocol (HTTP) to query an update server for upgrades and to download the updates, allowing attackers to watch for requests and use basic spoofing techniques.

For another story, see item 4 above in the Financial Services Sector

Communications Sector

Nothing to report