
    Small shipping firms at risk of spearphishing email hacks

    Source:    Editor: Editorial Department    Published: 2018/05/02 11:47:37

    SMALLER maritime shipping companies may be exposed to a heightened risk of email-based hacking by a Nigerian group dubbed Gold Galleon, warns network security firm Secureworks.

    The company said that the group has been using two-factor authentication for business and personal emails, which is a verification tool that relies on the legitimate user having a smartphone or a magnetic keycard in addition to the account password, reported Fort Lauderdale's Maritime Executive.

    Network security firm Secureworks said Gold Galleon uses basic email scams and publicly available hacking software in a bid to steal hundreds of thousands of dollars from ship managers and service providers.

    According to Secureworks, Gold Galleon is a group of 20 individuals who work together to hack maritime firms worldwide using basic techniques, including the rental of hacking tools for just a few dollars per month. They communicate via Skype and identify targets using online company directories and commercially available contact lists.

    Once the group has identified a new target, it sends a spearphishing email carefully tailored to the recipient. The email has an attachment containing malware, which deploys on the unsuspecting victim's computer and logs his or her keystrokes, recording the username and password for the victim's business email account.

    Once the account is compromised, the group uses a software tool to collect all the email addresses with which the user has interacted, and it sets itself up to intercept business transactions between the user and his or her clients.

    When the Gold Galleon group sees payment details on an invoice in a compromised email account, it intercepts the invoice, alters the account numbers to direct the money to its own "mule" bank account instead, and uses a similarly-worded email address to send the altered request to the recipient. Often, the buyer will not detect the change to the sender's email address and the bank details and will pay the fraudulent invoice.
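
    The two changes described above, a near-identical sender address and new bank details, are both things the paying side can check before releasing funds. The following is an added example, not code from Secureworks or the original article; the partner list structure, warning codes, addresses and account numbers are constructed for illustration.

```python
import re

ACCOUNT_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{10,30}\b")  # IBAN-like strings

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_payment_email(sender, body, partners, max_distance=2):
    """Return warning codes for an inbound payment request.

    partners (hypothetical structure) maps each known correspondent's address
    to the set of bank account numbers already on file for them.
    """
    sender = sender.strip().lower()
    warnings = []
    match = sender if sender in partners else None
    if match is None:
        # Nearest known address; a small non-zero distance means a lookalike.
        nearest = min(partners, key=lambda p: edit_distance(sender, p))
        if edit_distance(sender, nearest) <= max_distance:
            warnings.append(("LOOKALIKE_SENDER", nearest))
            match = nearest
        else:
            warnings.append(("UNKNOWN_SENDER", sender))
    on_file = partners.get(match, set())
    for account in sorted(set(ACCOUNT_RE.findall(body)) - on_file):
        # New bank details are suspicious even from a genuine address,
        # because the mailbox itself may be compromised.
        warnings.append(("ACCOUNT_NOT_ON_FILE", account))
    return warnings

# Constructed sample data (not from the Secureworks report).
PARTNERS = {"accounts@example-shipmgmt.test": {"XX00EXAMPLEBANK0001"}}
GENUINE = ("accounts@example-shipmgmt.test", "Please remit to XX00EXAMPLEBANK0001.")
ALTERED = ("accounts@examp1e-shipmgmt.test",
           "Please remit to our subsidiary account XX99OTHERBANK000002 for now.")

if __name__ == "__main__":
    for sender, body in (GENUINE, ALTERED):
        print(sender, check_payment_email(sender, body, PARTNERS))
```

    Any warning should hold the payment until the bank details are confirmed through a channel other than email, such as a phone number already on file.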

    In one case study, the group was able to steal email usernames and passwords for eight employees at a South Korean shipping firm. When the company initiated a US$50,000 "cash to master" transaction to deliver money to one of its vessels, a Gold Galleon hacker impersonated the recipient and asked for payment to be sent to a "subsidiary account for now" because of unspecified bank issues.

    Secureworks was monitoring the exchange and notified the parties involved that they were being hacked, and it thwarted two subsequent attempts on the same firm - one for $234,000 and another for $325,000.