Cunning tech-savvy pirates hacked a shipping company’s systems, enabling them to carefully target cargo on the firm’s vessels.
A report released by Verizon RISK (Research, Investigations, Solutions and Knowledge) Team reveals that “a global shipping conglomerate” fell victim to the high-tech pirates. The unnamed company contacted the Verizon cyber specialists after the pirates adopted a new strategy.
“Rather than spending days holding boats and their crew hostage while they rummaged through the cargo, these pirates began to attack shipping vessels in an extremely targeted and timely fashion,” the report said. “Specifically, they would board a shipping vessel, force the crew into one area and within a short amount of time they would depart.”
Hours later, when the ships’ crews left their safe rooms, they discovered that the pirates had targeted certain cargo containers. “It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved,” the report explained. “They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident.”
Armed with this information, the Verizon RISK Team examined the company’s systems. The shipping firm used a homegrown Content Management System (CMS) to manage its shipping inventory and the documents required for shipping freight. “We then honed in on the network traffic surrounding the CMS managing shipping routes,” said Verizon RISK Team. “We discovered that a malicious web shell had been uploaded onto the server.”
A web shell is a malicious script planted on a web server that lets an attacker control the server through an otherwise legitimate web application. “The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible,” noted Verizon RISK Team. “Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.”
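The pattern the report describes, a script uploaded into a web-accessible directory and then requested directly, leaves a recognizable trace in web server access logs. The Python code below is an added example, not taken from the Verizon report or the original article; it flags successful requests for server-side scripts under an upload directory, and the `/uploads/` path, the extension list and the sample log lines are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, unquote

# Assumed values: adjust to the application's real upload path and script handlers.
UPLOAD_PREFIX = "/uploads/"
SCRIPT_EXTS = {"php", "phtml", "php5", "jsp", "jspx", "asp", "aspx", "cgi", "pl"}

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def is_script_in_uploads(target, prefix=UPLOAD_PREFIX):
    """True if the request path is under the upload dir and names a script."""
    path = unquote(urlsplit(target).path).lower()
    if not path.startswith(prefix):
        return False
    filename = path.rsplit("/", 1)[-1]
    # Check every dot-separated part so a name like "x.php.jpg" is caught too.
    return any(part in SCRIPT_EXTS for part in filename.split(".")[1:])

def find_webshell_candidates(lines, prefix=UPLOAD_PREFIX):
    """Group successful (2xx) script requests under the upload dir by (ip, path)."""
    hits = defaultdict(lambda: {"count": 0, "methods": set(), "first_seen": None})
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not m["status"].startswith("2"):
            continue
        if not is_script_in_uploads(m["target"], prefix):
            continue
        path = unquote(urlsplit(m["target"]).path)
        entry = hits[(m["ip"], path)]
        entry["count"] += 1
        entry["methods"].add(m["method"])
        entry["first_seen"] = entry["first_seen"] or m["ts"]
    return dict(hits)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [01/Mar/2016:10:00:01 +0000] "POST /cms/upload.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Mar/2016:10:00:09 +0000] "GET /uploads/manifest.php?x=1 HTTP/1.1" 200 58',
    '198.51.100.7 - - [01/Mar/2016:10:02:30 +0000] "POST /uploads/manifest.php HTTP/1.1" 200 4096',
    '203.0.113.20 - - [01/Mar/2016:10:03:00 +0000] "GET /uploads/bill-of-lading.pdf HTTP/1.1" 200 88211',
    '203.0.113.20 - - [01/Mar/2016:10:04:00 +0000] "GET /uploads/%53can.PHP.jpg HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for (ip, path), info in find_webshell_candidates(SAMPLE).items():
        print(ip, path, info["count"], sorted(info["methods"]), info["first_seen"])
```

Any hit is worth investigating, since an upload directory should only ever serve static files; configuring the server so that nothing in that directory is executed removes the exposure this detection looks for.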
Chillingly, the hackers were able to pull down documents for future shipments, identify specific crates and the vessels scheduled to carry them. Verizon RISK Team did not reveal specific details of how it tackled the hackers but said that it capitalized on “several mistakes” made by the high-tech pirates.
The report did not reveal the location of the incidents or when they happened, although there have been frequent attacks by Somali pirates on commercial shipping off Africa’s east coast in recent years.
Cybercriminals are becoming increasingly brazen in their attacks on critical systems. Identity thieves, for example, recently targeted the Internal Revenue Service with malware and personal information stolen from elsewhere, which they used to generate 101,000 e-filing PIN numbers. Last month a Hollywood hospital paid nearly $17,000 in bitcoins to hackers who disabled its computer network.
Follow James Rogers on Twitter @jamesjrogers