Apple Hit By First Ever Mac Malware

This week, we hear the latest on the breach at 21st Century Oncology and the first ever Mac malware.

Malware

Apple Hit By First Ever Mac Malware

Palo Alto Networks discovered the first ever fully functional piece of malware targeting Mac users, called KeRanger. KeRanger is a piece of ransomware that was downloaded approximately 7,000 times before Apple was able to revoke the digital certificate that allowed it to be downloaded onto users’ computers. The hackers managed to infect Transmission, a popular program for transferring data through BitTorrent. The team at the Transmission project took down the infected 2.90 version of its software and replaced it with version 2.92, which automatically removes the ransomware from infected computers.

Even though the number of infected users is relatively low, particularly compared to Windows users who experienced some 8.8 million attacks in 2015, Symantec still warned on their blog that “Mac users should not be complacent.” These types of attacks often start slow and will rapidly pick up in frequency and scope, especially since there are such a large number of Mac users and a lot of money to be made.

References: Apple Users Stung By First Ever Mac Ransomware | Mac ransomware caught before large number of computers infected | Apple has shut down the first fully-functional Mac OS X ransomware

Mitigation Strategies:

Breach

Cancer Treatment Center Company Breached

21st Century Oncology Holdings, a company operating 145 cancer treatment centers in the United States and 36 in Latin America, notified 2.2 million patients that their health data and Social Security numbers may have been stolen in a security breach. The breach occurred last November, and the FBI began investigating the cause and scope, asking 21st Century not to alert its patients so as not to interfere with the investigation. A large amount of information was copied from the 21st Century databases, including patient names, Social Security numbers, physicians’ names, diagnoses, treatment information, and insurance information.

This breach is indicative of trends in the cyber security field, coming shortly after ransomware locked down Hollywood Presbyterian Hospital and multiple other hospitals in Europe. 21st Century Oncology has pledged one year of free identity theft protection for affected patients and they remain committed to maintaining privacy and security of their patients’ personal information.

References: Cancer Clinic Warns 2.2 Million Patients Of Records Breach | 21st Century Oncology Notifies Patients of Data Security Incident | 21st Century Oncology says investigating cyber breach

Mitigation Strategies:

Top 20 IP Addresses


*IP addresses provided by Recorded Future.