Tuesday, August 9, 2016



Complete DHS Report for August 9, 2016

Daily Report                                            

Top Stories

• Federal officials approved a $32 million project August 6 permitting Eastern Shore Natural Gas to build new compression facilities, extend natural gas lines, and install more than 10 miles of underground pipes in Delaware. – New Castle County News Journal

1. August 6, New Castle County News Journal – (Delaware) $36M gas pipeline project in Del. wins federal approval. Federal officials approved a $32 million pipeline project August 6 that permits Eastern Shore Natural Gas to extend natural gas transmission lines, install more than 10 miles of underground pipelines, and build new compression facilities in New Castle and Kent counties in Delaware, among other plans in an effort to strengthen its transmission infrastructure. The project will begin in September 2016 and is expected to be completed in 2017. Source: http://www.delawareonline.com/story/money/business/delawareinc/2016/08/06/36m-gas-pipeline-project-del-wins-federal-approval/88332416/

• Eighteen former Midwest Bank officers and directors agreed to pay $26.5 million to the Federal Deposit Insurance Corporation August 5 to settle charges alleging that their negligent lending practices from 2005 – 2008 caused the bank over $128 million in losses. – Chicago Tribune See item 2 below in the Financial Services Sector

• The Hawaii Department of Environmental Services (ENV) reported August 5 that approximately 12,950 gallons of sewage overflowed near the University of Hawaii at Manoa. – KHON 2 Honolulu

18. August 6, KHON 2 Honolulu– (Hawaii) Nearly 13,000 gallons of sewage spill in University area. Officials from the Hawaii Department of Environmental Services (ENV) reported August 5 that approximately 12,950 gallons of sewage overflowed near the University of Hawaii at Manoa after debris that entered a storm drain caused blockage. Crews released the blockage, cleaned the area, and advised swimmers to avoid Magic Island and the Ala Wai Boat Harbor. Source: http://khon2.com/2016/08/06/nearly-13000-gallons-of-sewage-spill-in-university-area/

• A former office manager at a dentist’s office in White Plains, New York, was charged August 4 after she allegedly embezzled over $500,000 from the business from December 2007 – March 2015. – Lower Hudson Valley Journal News

19. August 6, Lower Hudson Valley Journal News – (New York) Mohegan Lake woman stole $500K from employer, police say. A former office manager at Advanced Periodontics and Implant Dentistry of Westchester in White Plains, New York, was charged August 4 after she allegedly embezzled over $500,000 from the business by opening an unauthorized business credit card to pay for her personal expenses from December 2007 – March 2015. Source: http://www.lohud.com/story/news/crime/2016/08/06/mohegan-lake-woman-stole-employer/88325462/

Financial Services Sector

2. August 5, Chicago Tribune – (Illinois) Midwest Bank officials, FDIC in settlement for $26.5 million over loans. The Federal Deposit Insurance Corporation announced August 5 that 18 former Midwest Bank officers and directors agreed to pay a total of $26.5 million to settle charges alleging that the officers’ negligence in lending over $100 million to 6 risky borrowers from 2005 – 2008 without properly analyzing the borrowers’ creditworthiness caused the bank over $128 million in losses. Source: http://www.chicagotribune.com/business/ct-midwest-bank-settlement-0805-biz-20160804-story.html

3. August 5, SecurityWeek – (International) New ATM hacking method uses stolen EMV card data. Rapid7 researchers discovered that Europay, Mastercard, and Visa (EMV) cards are susceptible to fraudulent transactions after finding that an attacker could insert a shimming device into the card slot of a point-of-sale (PoS) system to intercept and capture card data, which is then remotely sent to another device, dubbed “La-Cara.” La-Cara feeds the stolen transaction data to the targeted ATM, thereby allowing the fraudsters to withdraw up to $50,000 from the victim’s card. Source: http://www.securityweek.com/new-atm-hacking-method-uses-stolen-emv-card-data

Information Technology Sector

27. August 8, Help Net Security – (International) Remote Butler attack; APT groups’ dream come true. Microsoft security researchers developed an extension of the “Evil Maid” attack dubbed “Remote Butler” which allows attackers to bypass local Windows authentication to defeat full disk encryption without physical access to the targeted device. A patch released by Microsoft for the “Evil Maid” attack also prevents attackers from carrying out a “Remote Butler” attack. Source: https://www.helpnetsecurity.com/2016/08/08/remote-butler-attack/

28. August 6, Softpedia – (International) Cerber ransomware v2 spotted online, is now undecryptable. Trend Micro researcher PanicAll discovered that the Cerber ransomware was updated in versions v1.5 and v2 to break a previous decryption tool that allowed users to recover their hacked files for free. The updates changed the extension added at the end of each encrypted file from “.cerber” to “.cerber2,” and extended encryption keys generated by CryptGenRandom Microsoft application programming interface (API) from 16 bytes to 32 bytes, among other updates. Source: http://news.softpedia.com/news/cerber-ransomware-v2-spotted-online-is-now-undecryptable-507045.shtml

29. August 6, Softpedia – (International) Linux botnets dominate the DDoS landscape. Kaspersky Lab released its distributed denial-of-service (DDoS) Intelligence Report which reported that Linux botnets accounted for 70.2 percent of all DDoS attacks initiated during quarter 2 (Q2) of 2016, while only 44.5 percent of DDoS attacks were carried out by Linux botnets in quarter 1. The report also stated that SYN DDoS attacks were the most popular methods for DDoS attacks during Q2, followed by transmission control protocol (TCP), Hypertext Transfer Protocol Secure (HTTP), and Internet control message protocol (ICMP) floods. Source: http://news.softpedia.com/news/linux-botnets-dominate-the-ddos-landscape-507043.shtml

30. August 5, Softpedia – (International) New Remcos RAT available for purchase on underground hacking forums. Symnatec researchers reported that a malware developer dubbed Viotto posted the Remcos Remote Access Trojan (RAT) targeting Microsoft Windows versions XP and higher for sale on underground hacking forums, which allows hackers the ability to take screenshots of infected computers, log keystrokes offline or in real times, and record content via the infected device’s camera, among other malicious actions, and send the stolen data encrypted via Hypertext Transfer Protocol Secure (HTTPS) to the command and control (C&C) server. Researchers also discovered the trojan can queue operations to be carried out when the victim goes online and includes a password dumping component that can dump passwords from applications like Microsoft’s Internet Explorer, Mozilla Firefox, and Apple Inc.’s Safari, among others. Source: http://news.softpedia.com/news/new-remcos-rat-available-for-sale-on-underground-hacking-forums-507018.shtml

31. August 5, SecurityWeek – (International) VMware Tools flaw allowed code execution via DLL hijacking. VMware published an advisory describing two vulnerabilities in several of its products including a dynamic-link library (DLL) hijacking issue in the Windows version of VMware Tools related to the VMware Host Guest Client Redirector component that could be exploited to execute arbitrary code on a targeted system after finding that when a document is opened from a uniform naming convention (UNC) path, the Client Redirector injects a DLL named “vmhgfs.dll” into the file in order to open the file, allowing an attacker to load a malicious DLL into the application and to compromise the system. The second vulnerability is a Hypertext Transfer Protocol Secure (HTTP) header injection issue in vCenter Server and ESXi caused by a lack of input validation that could allow a hacker to launch cross-site scripting (XSS) or malicious redirect attacks.Source: http://www.securityweek.com/vmware-tools-flaw-allowed-code-execution-dll-hijacking

Communications Sector

See item 5 below from the Transportation Systems Sector

5. August 8, NBC News – (International) Delta warns of chaos after power outage, worldwide system failure. A power outage at the Delta Airlines headquarters in Atlanta August 8 caused a global computer failure that forced the cancellation of at least 451 flights and left less than 1,700 of the company’s 6,000 scheduled flights in operation. The outage affected check-in systems, airport screens, as well as the airline Website and smartphone apps for more than 6 hours. Source: http://www.nbcnews.com/business/travel/delta-system-outage-triggers-delays-worldwide-n625141