Swashbuckling criminals hacked a shipping company’s computers in an effort to plan their ocean-based attack.
Modern pirates are finding new ways to pillage and plunder on the high seas.
A gang of swashbuckling criminals reportedly hacked an unnamed shipping company’s computers in an effort to uncover ship locations and cargo so they could conduct more efficient attacks, according to a Verizon cybersecurity report.
Typically, pirates who attack ships on the high seas keep crews hostage for days at a time while they rummage around the ship looking for things they want.
The shipping company, however, noticed an uptick in attacks carried out “in an extremely targeted and timely fashion,” Verizon said.
“They’d board a vessel, locate by bar code specific sought-after crates containing valuables, steal the contents of that crate—and that crate only—and then depart the vessel without further incident.
Fast, clean and easy,” according to the report.
The company had no idea how these pirates knew where to look, so it contacted Verizon. “What we learned was that the company used a homegrown CMS to manage shipping inventories and specifically the various bills of lading associated with each of their shipping vessels,” Verizon said.
That led it to discover “that a malicious web shell had been uploaded onto the server.”
“Fortunately, these threat actors made several mistakes, which we were able to capitalize on,” Verizon’s report said.
Not only did the corsairs fail to enable SSL—sending all commands over the Web in plain text—but they did not use a proxy and connected directly from their home system.
“These threat actors, while given points for creativity, were clearly not highly skilled,” Verizon said. “For instance, we found numerous mistyped commands and observed that the threat actors constantly struggled to interact with the compromised servers.”
Now the joke’s on them: Verizon helped the unnamed victim company shut down its compromised servers, block the pirates’ IP address, reset all compromised passwords, and rebuild the affected CMS servers.
“While these actions wouldn’t prevent all attacks, they were certainly a step in the right direction,” Verizon said.