Dryad and cyber partners RedSkyAlliance monitor attempted attacks within the maritime sector, reports Safety4sea.
They examine how email is used to deceive the recipient and potentially expose the target organizations. The following update covers the first week of January 2021.
Users enticed using a common lure
As a reminder, using the keywords Motor Vessel (MV) or Motor Tanker (MT) in an email subject line is a common lure to entice users in the maritime industry to open emails containing malicious attachments.
“Even if attackers can only get 10% of people to open their malicious email attachments, they can send thousands out in a day using similar templates resulting in hundreds of victims per day. They can also automate parts of this process for efficiency. It is critical to implement training for all employees to help identify malicious emails/attachments,” Dryad Global advised.
This week, a wide variety of maritime-related subject lines was observed. Some of the new vessel names used this week include “MV Liberty Island” and “MV Key Frontier,” among others.
Malicious e-mails
Analysts observed two malicious emails targeting the same shipping company this week, both of which contain the same vessel name “Hyundai Neptune.” This email leverages a few techniques to get the targeted users to open the malicious attachments. As with many malicious emails, this attacker is trying to create a sense of urgency in the target.
The first malicious email uses an abnormally long subject line “Re: RE: !!!!URGENT !!!!! We have a live reefer that is threw cargo SZLU9827820 on the HYUNDAI NEPTUNE We cant repair it on the ves.” This email chain consists of a conversation between multiple employees at Total Terminals International regarding the repair of the Hyundai Neptune vessel.
At the end of the email chain, a message is sent to one of the Total Terminals International employees containing a malicious attachment. The attachment, an MS Word document, is titled “Report.doc.”
Malware to steal data
It is common for attackers to give malicious files a generic name to avoid detection. Opening this malicious document activates the TrojanDownloader:O97M/Emotet.RKC!MTB malware.
This malware can install other malicious modules which are used to steal sensitive victim information and/or activate ransomware on the network to earn a profit.
“The more convincing an email appears, the greater the chance employees will fall for a scam. To address this residual risk, software-based protection should be treated as one constituent of a wider strategy that also encompasses the human-element as well as organizational workflows and procedures,” Dryad said.
Recommendations
- Train all levels of the marine supply chain to realize they are under constant cyber-attack.
- Stress maintaining constant attention to real-world cyber consequences of careless cyber practices or general inattentiveness.
- Provide practical guidance on how to look for a potential phishing attempt.
- Use direct communication to verify emails and supply chain email communication.
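The lure traits described in this report (an MV/MT vessel keyword in the subject, urgency markers, an abnormally long reply-chain subject, a generically named Word attachment) can be turned into a mail-triage check. The following is an added example, not code from Dryad, RedSkyAlliance or Safety4sea; the length threshold, the list of generic file names and the sample messages other than the quoted subject line and "Report.doc" are assumptions.

```python
import re
from email.message import EmailMessage

# Subject-line traits named in the report; thresholds and name list are assumptions.
VESSEL = re.compile(r"\bM/?[VT]\.?\s+[A-Z]")              # "MV Liberty Island", "M/T ..."
URGENT = re.compile(r"!{3,}|\burgent\b", re.I)            # urgency pressure
REPLY = re.compile(r"^(?:(?:re|fwd?)\s*:\s*){2,}", re.I)  # stacked Re:/Fw: chain
GENERIC_DOC = re.compile(r"^(?:report|invoice|document|scan)\.(?:docm?|xlsm?)$", re.I)
LONG_SUBJECT = 100  # assumed cut-off for an "abnormally long" subject

def lure_signals(msg):
    """Return the lure traits present in one parsed email message."""
    subject = " ".join(str(msg["Subject"] or "").split())
    hits = []
    if VESSEL.search(subject):
        hits.append("vessel_keyword")
    if URGENT.search(subject):
        hits.append("urgency")
    if REPLY.match(subject):
        hits.append("stacked_reply_prefix")
    if len(subject) > LONG_SUBJECT:
        hits.append("long_subject")
    names = [p.get_filename() for p in msg.walk()]
    if any(n and GENERIC_DOC.match(n) for n in names):
        hits.append("generic_office_attachment")
    return hits

def make_sample(subject, attachment=None):
    """Build a constructed test message (not a captured email)."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("constructed body")
    if attachment:
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="msword", filename=attachment)
    return msg

# Subject line and attachment name quoted in the report; the rest is constructed.
REPORTED = make_sample(
    "Re: RE: !!!!URGENT !!!!! We have a live reefer that is threw cargo "
    "SZLU9827820 on the HYUNDAI NEPTUNE We cant repair it on the ves", "Report.doc")
VESSEL_ONLY = make_sample("MV Liberty Island - agency appointment")
BENIGN = make_sample("Lunch on Friday")

if __name__ == "__main__":
    for m in (REPORTED, VESSEL_ONLY, BENIGN):
        print(lure_signals(m), "|", str(m["Subject"])[:40])
```

A vessel keyword on its own is normal in maritime mail, so treat the returned list as a score for routing messages to review or direct verification with the sender, not as a verdict.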
Source: Safety4sea