The latest group using hacking for nefarious gains: pirates. Synopsys’ Robert Vamosi checks out how a shipping company’s insecure cargo software led to targeted attacks on the open sea.
At this year's RSA Conference, the data breach investigators at Verizon released a Data Breach Digest identifying 18 representative cases from the more than 500 cybersecurity incidents the team has investigated in more than 40 countries. These cases will be used in the Verizon Data Breach Investigation Report 2016 yet to come. For the moment, they provide an in-depth look at specific data breach examples over the years.
One example included sea-faring pirates who used a data breach to target their victims.
“Rather than spending days holding boats and their crew hostage while they rummaged through the cargo, these pirates began to attack shipping vessels in an extremely targeted and timely fashion,” the RISK team wrote in the report. “Specifically, they would board a shipping vessel, force the crew into one area and within a short amount of time they would depart. When crews eventually left their safe rooms hours later, it was to find that the pirates had headed straight for certain cargo containers.”
“It became apparent to the shipping company that the pirates had specific knowledge of the contents of each of the shipping crates being moved. They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident.”
In this case the shipping company used a home-grown cargo management system (CMS) to track its inventories.
The pirates, however, were not very skilled. The shell script they ran used straight HTTP rather than the encrypted HTTPS, allowing the investigators to see what they were doing. “We were ultimately able to capture every command the threat actors issued, which painted a very clear picture,” the RISK team wrote. “These threat actors, while given points for creativity, were clearly not highly skilled. For instance, we found numerous mistyped commands and observed that (they) constantly struggled to interact with the compromised servers.”
“The threat actors also showed a lack of concern for their own operational security by failing to use a proxy and connecting directly from their home system,” the RISK team noted.
Capsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.
With so many previously outlined ways to infiltrate networks on-board shipping vessels (think satcom hacking, phishing, USB attacks, insecure crew Wi-Fi, etc.), the question becomes, what could an adversary do with that access?
“If one was suitably motivated, perhaps by a nation-state or a crime syndicate, one could bring about the sinking of a ship,” said Pen Test Partners researcher Ken Munro, in a stark assessment of maritime cyber-danger this week.
2 Comments
Tomi Engdahl says:
Pirates Breach Shipping Company’s Database
https://blogs.synopsys.com/software-integrity/2016/03/10/pirates-breach-shipping-companys-database/
Tomi Engdahl says:
Researcher: Not Hard for a Hacker to Capsize a Ship at Sea
https://threatpost.com/hacker-capsize-ship-sea/142077/