Cunning tech-savvy pirates hacked a shipping company’s systems, enabling them to carefully target cargo on the firm’s vessels.
A report released by Verizon RISK (Research, Investigations, Solutions and Knowledge) Team reveals that “a global shipping conglomerate” fell victim to the high-tech pirates. The unnamed company contacted the Verizon cyber specialists after the pirates adopted a new strategy.
“Rather than spending days holding boats and their crew hostage while they rummaged through the cargo, these pirates began to attack shipping vessels in an extremely targeted and timely fashion,” the report said. “Specifically, they would board a shipping vessel, force the crew into one area and within a short amount of time they would depart.”
Hours later, when the ships’ crews left their safe rooms, they discovered that the pirates had targeted certain cargo containers. “It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved,” the report explained. “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident.”
Armed with this information, the Verizon RISK Team examined the company’s systems. The shipping firm used a homegrown Content Management System (CMS) to manage its shipping inventory and the documents required for shipping freight. “We then honed in on the network traffic surrounding the CMS managing shipping routes,” said Verizon RISK Team. “We discovered that a malicious web shell had been uploaded onto the server.”
Web shells can compromise legitimate web apps on a server. “The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible,” noted Verizon RISK Team. “Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.”
Chillingly, the hackers were able to pull down documents for future shipments, identify specific crates and the vessels scheduled to carry them. Verizon RISK Team did not reveal specific details of how it tackled the hackers but said that it capitalized on “several mistakes” made by the high-tech pirates.
The report did not reveal the location of the incidents or when they happened, although there been frequent attacks by Somali pirates on commercial shipping off Africa’s east coast in recent years.
Cybercriminals are becoming increasingly brazen in their attacks on critical systems. Identity thieves, for example, recently targeted the Internal Revenue Service with malware and personal information stolen from elsewhere, which they used to generate 101,000 e-filing PIN numbers. Last month a Hollywood hospital paid nearly $17,000 in bitcoins to hackers who disabled its computer network.
A report released by Verizon RISK (Research, Investigations, Solutions and Knowledge) Team reveals that “a global shipping conglomerate” fell victim to the high-tech pirates. The unnamed company contacted the Verizon cyber specialists after the pirates adopted a new strategy.
“Rather than spending days holding boats and their crew hostage while they rummaged through the cargo, these pirates began to attack shipping vessels in an extremely targeted and timely fashion,” the report said. “Specifically, they would board a shipping vessel, force the crew into one area and within a short amount of time they would depart.”
Hours later, when the ships’ crews left their safe rooms, they discovered that the pirates had targeted certain cargo containers. “It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved,” the report explained. “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident.”
Armed with this information, the Verizon RISK Team examined the company’s systems. The shipping firm used a homegrown Content Management System (CMS) to manage its shipping inventory and the documents required for shipping freight. “We then honed in on the network traffic surrounding the CMS managing shipping routes,” said Verizon RISK Team. “We discovered that a malicious web shell had been uploaded onto the server.”
Web shells can compromise legitimate web apps on a server. “The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible,” noted Verizon RISK Team. “Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.”
Chillingly, the hackers were able to pull down documents for future shipments, identify specific crates and the vessels scheduled to carry them. Verizon RISK Team did not reveal specific details of how it tackled the hackers but said that it capitalized on “several mistakes” made by the high-tech pirates.
The report did not reveal the location of the incidents or when they happened, although there been frequent attacks by Somali pirates on commercial shipping off Africa’s east coast in recent years.
Cybercriminals are becoming increasingly brazen in their attacks on critical systems. Identity thieves, for example, recently targeted the Internal Revenue Service with malware and personal information stolen from elsewhere, which they used to generate 101,000 e-filing PIN numbers. Last month a Hollywood hospital paid nearly $17,000 in bitcoins to hackers who disabled its computer network.
From high seas to high tech: Pirates hack shipping company
Reviewed by Queency
on
20:02:00
Rating:
YoBit lets you to claim FREE COINS from over 100 unique crypto-currencies, you complete a captcha once and claim as many as coins you want from the available offers.
ReplyDeleteAfter you make about 20-30 claims, you complete the captcha and continue claiming.
You can press CLAIM as many times as 30 times per one captcha.
The coins will safe in your account, and you can exchange them to Bitcoins or USD.