Skiff-sailing slimeballs screw shoddy shell
Clever pirates have hacked into a shipping company to determine the location of valuable cargo before hijacking vessels in targeted attacks.
The criminals popped the unnamed company’s in-house content management system, using that access to determine which containers have the most valuable cargo.
This made the hijacks faster, as the pirates were able to round up the crew and locate the favoured boxes using scanners instead of manually picking through the loot.
The attacks were captured in Verizon’s Data Breach Digest [PDF] addendum report.
In it the forensics bods say the pirates uploaded a shoddy web shell to the shipping company's server, and while that gave them the access they needed, it was also easy for investigators to identify and shutter.
“The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible and had execute permissions set on it — no Local File Inclusion or Remote File Inclusion [was] required.
Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.
It allowed the threat actors to pull down bills of lading for future shipments and identify sought-after crates and the vessels scheduled to carry them.”
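The weakness the investigators describe is an upload script that drops files into a web-accessible, executable directory. As an added illustration (not the company's code or anything from the Verizon report), here is a Python upload handler that refuses each of those conditions: it stores files outside the document root, checks the declared type against the file's leading bytes rather than its name, and writes without execute bits. All function and variable names are assumptions.

```python
import os
import secrets
import tempfile

# Constructed example of a hardened upload handler; not code from the Verizon
# report or the breached company. All names below are assumptions.
# Accepted types and the bytes each must begin with; the extension alone is never trusted.
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff"}

def is_web_exposed(upload_root: str, web_root: str) -> bool:
    """True if upload_root resolves to a path at or under the document root."""
    up, web = os.path.realpath(upload_root), os.path.realpath(web_root)
    return os.path.commonpath([up, web]) == web

def store_upload(name: str, data: bytes, upload_root: str, web_root: str) -> str:
    """Save an upload so the web server can never serve or execute it; returns its path."""
    if is_web_exposed(upload_root, web_root):
        raise ValueError("upload directory is inside the web root")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in MAGIC:  # "lading.pdf.php" yields "php" and is refused
        raise ValueError(f"type {ext!r} not allowed")
    if not data.startswith(MAGIC[ext]):
        raise ValueError("content does not match declared type")
    path = os.path.join(upload_root, f"{secrets.token_hex(16)}.{ext}")  # client name discarded
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)   # no execute bits
    with os.fdopen(fd, "wb") as f:
        f.write(data)
    return path

def demo() -> dict:
    """Exercise the handler on constructed inputs in a scratch directory."""
    base = tempfile.mkdtemp()
    web_root, uploads = os.path.join(base, "htdocs"), os.path.join(base, "uploads")
    for d in (web_root, uploads):  # uploads is a sibling of the web root, not under it
        os.makedirs(d)
    out = {}
    for label, name, data, root in [
        ("genuine_pdf", "lading.pdf", b"%PDF-1.4\n%constructed", uploads),
        ("double_extension", "lading.pdf.php", b"%PDF-1.4", uploads),
        ("script_as_pdf", "lading.pdf", b"<?php echo 1; ?>", uploads),
        ("dir_under_webroot", "lading.pdf", b"%PDF-1.4", web_root),
    ]:
        try:
            path = store_upload(name, data, root, web_root)
            out[label] = "stored"
            out["no_exec_bit"] = not (os.stat(path).st_mode & 0o111)
        except ValueError:
            out[label] = "rejected"
    return out
```

Files stored this way are handed back to clients through an authenticated download handler, never by a direct URL into the upload directory.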
Investigators capitalised on technical and operational security mistakes that made the attackers and the data they sought easy to identify.
The pirates did not use SSL, mistyped commands, and “constantly struggled” to interact with the pwned webserver.
“These threat actors, while given points for creativity, were clearly not highly skilled,” Verizon’s research team said.
The beleaguered shipping company secured its compromised servers, reset passwords, and blocked the attacker’s IP address.
Piracy in the Gulf of Aden, Horn of Africa, and Indian Ocean has declined in recent years thanks to international military intervention and assistance under NATO’s Operation Shield.
The International Maritime Bureau has received 10 incident reports this year. ®