Pirates have hacked a shipping company to identify which of its vessels were worth attacking, and where the best loot was located on the ship. To be clear, these are real pirates with boats and guns; and now with computers added to their arsenal.
The report comes courtesy of Verizon, which compiled a security report from its RISK team ahead of the RSA conference this week. Some 18 case studies were revealed in this report; although the news that pirates have adopted cyber-attacks is something highly unusual.
The affected company had faced the issue of numerous attacks on its ships while at sea. Pirates would appear and take control of the ship, locking the crew up in a room and quickly taking very specific goods from the cargo hold. This raised questions as to how the pirates knew where the ship would be and where the particular items would be stored.
It turns out that the unnamed company suffered a security breach that gave the hackers access to bills of lading for shipments. These bills generally provides information about particular goods for shipping and functions as a receipt. In this case, it helped pirates locate their targeted goods on a ship.
Fortunately, the pirates were still unexperienced in cyberwarfare. The group failed to conceal its activities through proxy servers, allowing them to be tracked by experts. Commands to the malware were also sent in plaintext format, which made it easy to decipher what they were up to. These combined made it easy for the RISK team to figure out which servers were compromised and resolve the problem.
This is a new aspect to the whole idea of piracy, and there is a chance that more groups could pick up on the method of identifying targets. The victim in the case study are in the process of updating its cybersecurity, which is something that all companies should look into.