Researchers have identified the hacking group behind several wide-scale business email compromise (BEC) attacks that have gouged the maritime shipping industry of millions of dollars since last year. Attackers are taking advantage of the industry’s lax security and its use of outdated computers, according to a report released by RSA. The group, Gold Galleon, has specifically targeted the shipping industry, and researchers estimate that it attempted to steal at least $3.9 million between June 2017 and January 2018.

Gold Galleon’s targets include maritime shipping organizations, such as companies providing ship management services, port services and cash-to-master services. Because the shipping industry is globally dispersed and operates across different time zones, it is completely reliant on email for communication and is thus “low-hanging fruit” for BEC scams.

Many shipping companies are not worried about security: they often run their operations without two-factor authentication, and many are still using Windows XP. Additionally, they often do business internationally and communicate primarily by email, so it is hard to know whether anyone is being impersonated.

According to SecureWorks, Gold Galleon appears to be a group of at least 20 cybercriminals who are likely based in Nigeria. The criminals work together to carry out the various parts of the BEC campaigns, from the initial compromise to monitoring accounts. They use a range of commodity remote access tools that have keylogging and password-stealing functionality to steal email account credentials. As of now, cyber security professionals have thwarted fraud attempts, averting losses of more than $800,000.

This amount is expected to increase, as the shipping industry is a viable target: it transports high-value merchandise and has legacy systems and poor security processes and awareness. Only time will tell how this will affect us here in Hawaii.

Stay safe out there.