Cybersecurity firm Proofpoint is reporting a new hacking group that targets the global shipping industry and its fears over the spread of the coronavirus. The California company has detailed how emails are being sent with the subject line ‘Coronavirus – Brief note for the shipping industry’.
The Word documents attached to the emails, labelled Caution on Coronavirus, contain an exploit for a 2.5-year-old vulnerability that makes it possible to install AZORult on the target. AZORult is a dangerous malware that can steal sensitive user information like file reference, passwords, cookies, browsing history, bank account data and cryptocurrency wallets. The malware works on computers that have not updated Microsoft Office since November 2017.
“In these attacks, we don’t see AZORult downloading ransomware currently. However, because of AZORult’s configurable nature and past use in conjunction with ransomware, that remains a real threat,” Proofpoint warned. The specialists warn that all emails with Coronavirus themes and attachments should be treated with caution, even if they don’t appear to be directly health related. A Coronavirus-related shipping supply disruption would negatively impact each of the company types listed above and it’s clear these attackers are aware that a major event like Coronavirus can have secondary impacts on industries. This awareness demonstrates not just technical sophistication, but economic sophistication as well.
Note that cyber attacks pose a serious threat to shipping. The largest shipping companies in the world have been subjected to them in the past: for example, an attack by hackers on COSCO in 2018 with the installation of malware led to an outage of the company's network and systems in the United States and email failure. And in 2017 Maersk underwent a hacker attack using the NotPetya virus. The attack led to the shutdown of some of the company's systems, and the losses resulting from this attack amounted to $300 million. If such industry giants are not well protected from cybercrime, then what about other representatives of the industry?
Seafarers are also a vulnerable target for hackers, as their ignorance of existing threats can lead to serious problems on board. Crewmembers often provide criminals with the necessary information without knowing it. In doing so they run a risk, as hackers not only gain access to personal data but can also get inside the vessel’s or company’s security system. For example, they can hack a crewmember’s phone using phishing, and when he decides to recharge the smartphone via ECDIS they will also get access to the vessel’s system. It will be impossible to continue the voyage with failed equipment, and the seafarer himself may lose his job.
The Seafarers Union of Russia recommends that crewmembers should always remember about the threat of cyber attacks and exercise extreme caution around cybersecurity issues. Otherwise there is a great chance of becoming an unwitting "accomplice" of intruders.
Based on the article from Splash 24/7