Plus, systems for the city of Tulsa, Oklahoma were hit with ransomware. Also, Apple allows malware to spread and identity theft surges in Kansas. That and more in this week’s Cyber News Rundown.
Ransomware shuts down City of Tulsa
City of Tulsa officials were forced to take several critical systems offline over the weekend to prevent the spread of ransomware. Some systems have since been restored, but multiple bill-paying services and other city websites are still offline as officials work to secure and restore them. The city has stated that no customer or employee information was compromised in the attack, though they are still working to determine the entry point for the infection.
Apple allowed malware to proliferate for six years
Recently released documents from a court case involving Apple revealed the company was aware of a malware campaign affecting more than 128 million devices since 2015, when the malware was first identified. The campaign stemmed from an infiltration of the Apple store, where over 4,000 malicious apps containing versions of the XcodeGhost malware were available for download. Of the many thousands of apps that Apple removed, they only publicly identified the top 25 most downloaded, though the other 2,475 were installed on a combined 203 million devices.
Identity theft surging in Kansas
Confirmed identity theft cases have risen over 1800% in the past year in Kansas, possibly as a result of a data breach. In 2020 alone, more than 43,000 Kansans reported some form of identity fraud or theft, involving nearly $600 million in fraudulent unemployment payments and other social benefits. The contributing breach seems to have begun when a citizen accidentally entered the wrong Social Security number into a Kansas Department of Labor web form and was then directed to another individual’s account without additional credentials.
Group responsible for pipeline cyberattack claims to be apolitical
After attacking the Colonial Pipeline last week, the DarkSide group has shown some remorse for the economic impact of the attack and denies any political or government affiliation. The group also confirmed that, going forward, they will be monitoring possible victims for the social impact that compromising them may cause. While this may lead to the loss of customers for the ransomware-as-a-service group, it may also slow the rate of ransomware attacks on infrastructure and other community-oriented organizations.
Zix email system used to spread phishing campaigns
Researchers recently discovered a phishing campaign using the secure email system Zix in order to remain relatively hidden while spreading. While users are redirected to a Zix authentication page to verify questionable links, the subsequent “Microsoft” landing page contains a malicious link that users may believe is safe. These types of campaigns started by avoiding secure systems, but are now using those features for their own gain.