02/11/21

Critical Infrastructure Daily Brief

Statewide Terrorism & Intelligence Center

Critical Infrastructure Daily Brief

 

**UNCLASSIFIED **

(U) STIC is providing this information to our partner agencies for situational awareness. This document contains information obtained from open source information. While STIC has gone to great lengths to verify the information found in open source documents on the internet, this information may not be accurate.

 

Situational Awareness

Two people were killed and at least another dozen were injured as shots rang out at a house party in Illinois where people were gathering for Halloween. It was one of at least 11 mass shootings in the US over the holiday weekend, including several at places where crowds had assembled. The violence left at least 12 people dead and another 52 injured, according to CNN reporting and an analysis of data from Gun Violence Archive and local news and police reports. CNN defines a mass shooting as an incident with four or more people killed or wounded by gunfire, excluding the shooter. The number of mass shootings in the US increased during the coronavirus pandemic. There have been 599 mass shootings so far this year, according to the archive. There were 611 in 2020 and 417 in 2019, the group said. The increase in mass shootings during the pandemic is consistent with the notion that the violence may be influenced by social and economic factors, researchers have said. Over the weekend, gunfire erupted at house parties, a boxing event and on the streets. These are the mass shootings that took place across seven states.

 

Two people were killed and more than 12 others were injured in an overnight shooting at a Halloween party in Joliet Township, Illinois, according to the Will County Sheriff's Office. Joliet is about 40 miles southwest of Chicago. A sheriff's patrol sergeant heard 10 to 12 gunshots fired in the area of Jackson Street and Walnut Street early Sunday, the sheriff's office said in a news release. The sergeant responded and saw more than 100 people fleeing eastbound on Jackson Street. Law enforcement determined the shooting occurred near a DJ booth set up in the backyard of a residence, the news release said. Witnesses told detectives two people fired on the crowd of nearly 200 from a porch overlooking the party, according to the news release. Two people died at the scene, the sheriff's office said. More than a dozen others were hurt by gunfire and transported to local hospitals. The sheriff's office said the identities of the deceased will not be released until their families are notified. There are no suspects in custody, the news release said, and the shooting is under investigation.

 

A 24-year-old man wearing a Joker costume attacked passengers on a Tokyo train line on Sunday evening. As many as 17 people were injured as they headed for Halloween parties in the city. Witnesses say the suspect was wearing a green shirt and purple suit. He sprayed a clear liquid around the carriage and set it alight. Video footage showed passengers running through carriages away from the flames while others clambered through windows. "I thought it was a Halloween stunt," one witness told the Yomiuri newspaper about the attack. "Then, I saw a man walking this way, slowly waving a long knife." The attack happened at around 20:00 local time (11:00 GMT) near Kokuryo station, in the city's western suburbs. Media reports say the man was arrested by police on the spot. According to news outlet Kyodo, he told police he adored the character Joker in the Batman comics. The Joker is a super villain in the comics and batman's archenemy. The 2019 hit movie Joker, starring actor Joaquin Phoenix, featured a scene where he attacks several men on a train after being repeatedly harassed by them. It's a pivotal moment, marking the beginning of the character's transformation into the Joker. The NHK news agency quoted police as saying that the man had said he had "wanted to kill someone since June" because he had quit his job and seen many of his friendships fall apart. It added that he dressed like the Joker because he "looked up to him". Local media reports say that the suspect told authorities he wanted to kill people so he could be sentenced to death. The AP news agency, citing the Tokyo Fire Department, said three of the injured had serious wounds. Local media reports an elderly man was unconscious after being stabbed in the attack. Video from the scene shows passengers running from the attacker, stumbling through a connecting door between carriages and climbing through the train's windows after it made an emergency stop. Shunsuke Kimura, who filmed one of the videos, told the national NHK broadcaster that the scene was "horrifying". "Train doors were closed and we had no idea what was happening, and we jumped from the windows," he said. Violent crime is rare in Japan but there have been a number of high-profile knife attacks in recent years. Ten people were injured by a knife-wielding man on another Tokyo commuter train in August. In 2019, a man attacked a group of schoolchildren waiting for a bus in Kawasaki, killing two and injuring at least 18 others.

 

Cybersecurity

The Microsoft Detection and Response Team (DART) says it detected an increase in password spray attacks targeting privileged cloud accounts and high-profile identities such as C-level executives. Password spraying is a type of brute force attack where the attackers attempt to gain access to large lists of accounts using a small number of commonly used passwords. These attacks often use the same password while switching from one account to another to find easy to breach accounts and avoid triggering defenses like password lockout and malicious IP blocking (when using a botnet). This tactic makes it less likely to trigger an account lock as it happens when they're targeted in classic brute-forcing attacks that quickly try to log into a small number of accounts by going through an extensive password list, one account at a time. "Over the past year, the Microsoft Detection and Response Team (DART), along with Microsoft's threat intelligence teams, have observed an uptick in the use of password sprays as an attack vector," DART said. "Recently, DART has seen an uptick in cloud administrator accounts being targeted in password spray attacks, so understanding the targets is a good place to start." DART recommends enabling and enforcing multi-factor authentication (MFA) across all accounts whenever possible and adopting passwordless technology to drastically lower the risk of account compromise when targeted by such attacks.

 

Cybersecurity researchers disclosed details of what they say is the "largest botnet" observed in the wild in the last six years, infecting over 1.6 million devices primarily located in China, with the goal of launching distributed denial-of-service (DDoS) attacks and inserting advertisements into HTTP websites visited by unsuspecting users. Qihoo 360's Netlab security team dubbed the botnet "Pink" based on a sample obtained on November 21, 2019, owing to a large number of function names starting with "pink." Mainly targeting MIPS-based fiber routers, the botnet leverages a combination of third-party services such as GitHub, peer-to-peer (P2P) networks, and central command-and-control (C2) servers for its bots to controller communications, not to mention completely encrypting the transmission channels to prevent the victimized devices from being taken over.

 

U.S. prosecutors have charged a 30-year-old man with attempting to extort Major League Baseball and broadcasting illegal game streams after he allegedly breached the league’s website. Attorneys from the Southern District of New York charged Joshua Streit with running HeheStreams.com, a website that allowed users to stream games from the MLB, National Hockey League, National Basketball Association and the National Football League for a fee, according to a complaint. The site attracted a sizable following on social media and discussion forums like Reddit, where fans congregated to praise the cheap prices HeheStreams offered in comparison to the leagues’ official streaming services, the Wall Street Journal reported. In March 2021, prosecutors say, Streit contacted MLB personnel to complain about “a lack of gratitude” after he alerted the organization about a “network vulnerability.” Streit allegedly requested $150,000 from the MLB in exchange for his apparent disclosure. An MLB executive responded to Streit by saying the league does not have a bug bounty program, in which an organization rewards an outsider for reporting legitimate security issues, an increasingly common model in the private sector. Streit responded by saying “MLB should have a bug bounty program for situations like this and that it would be bad if the media found out about the network vulnerability and embarrassed MLB,” according to the complaint. He is now charged with knowingly accessing a protected computer and sending interstate threats with an intent to extort.

 

There’s a fake IRS email that keeps popping into people’s inboxes. It says that you can get a third Economic Impact Payment (EIP) if you click a link that lets you “access the form for your additional information” and “get help” with the application. But the link is a trick. If you click it, a scammer might steal your money and your personal information to commit identity theft. It’s yet another version of the classic government impersonator scam.

 

Energy

At least one person was killed and over a dozen were injured when a pipeline of state oil firm Petroleos Mexicanos (Pemex) exploded in the central Mexican state of Puebla after it was breached by suspected fuel thieves, authorities said on Sunday. Alerted to a gas leak, the Puebla state government said it had averted a higher death toll by evacuating residents from the site in the San Pablo Xochimehuacan municipality before three explosions occurred, wrecking between 30 and 50 homes. President Andres Manuel Lopez Obrador said on Twitter one person had so far died and 15 more were injured in the overnight blast, and that some 1,400 rescue workers had been mobilized. In a news conference hosted by Puebla's government, officials said that within a radius of 1 kilometer of the site, some 2,000 people were evacuated, and that the blaze was under control. Five of the injured were in a serious condition, they said. The blast is the latest deadly incident to affect Pemex's infrastructure, and follows a fire on one of the company's oil platforms in August that killed at least five people. Puebla's governor, Miguel Barbosa, said the incident was sparked by a gas leak caused by an illegal fuel tap. Thanks to the speedy evacuations, a "tragedy of enormous proportions" had been prevented, he added. Barbosa said rescue workers were checking to see if bodies were buried under houses destroyed by the blasts, but noted there were no reports of missing people. Fuel theft has led to a series of accidents in Mexico. Well over 100 people died due to an explosion triggered by an illegal pipeline tap in the neighboring state of Hidalgo in 2019.

 

Related Links


Back to index