IoT malware on the rise with hackers hijacking devices to launch DDoS attacks
Security specialists discovered malware on state computers at the Tettegouche State Park in Silver Bay, Minnesota Reuters

The popular Tettegouche State Park on the North Shore of Lake Superior in Minnesota said its computer systems have been infected with malware, authorities confirmed on Friday (8 September). The malware was discovered on 25 August after security specialists noticed a spike in "unusual activity" around 4pm.

The state park said experts initiated actions to isolate the site, protect sensitive data, and replace any infected equipment. Local authorities said they are conducting a full forensic analysis into the incident.

The state Department of Natural Resources, "out of an abundance of caution" has urged people who visited and made purchases at the park in Silver Bay between 22 August and 25 August to review their credit card accounts and statements for any potentially suspicious activity.

Visitors have also been asked to be wary of any suspect emails claiming to be from the DNR requesting additional personal information.

The DNR approximately 400 credit card transactions were made at the park during that time frame. They also noted there is currently no evidence to suggest that credit card numbers were accessed at the time.

However, the department said they were unable to contact the visitors who made the transactions since they cannot access credit card customers' personal information.

"The virus was isolated to computers at the park," the DNR said in a release, noting that no other DNR or state IT systems were affected in the attack, including the state park reservation system and the DNR website. "Customers should not worry that their park reservation data was compromised."

State park authorities have not provided any specific details regarding the attack, when it occurred or the malicious software infecting its systems.

The DNR said it is working closely with Minnesota IT services to "aggressively investigate" the attack and find out if any sensitive information was compromised in the incident.