Site icon Sophos News

Pirates hacked shipping company to steal info for efficient hijackings

Here’s a lesson in web security, taken from a story about maritime pirates.

According to a recent RISK Labs report from Verizon, a security team from the company was tapped to help a global shipping company deal with its pirate problem.

Although the shipping company had dealt with pirates before, something changed in recent months that raised alarm – the pirates began targeting specific ships and even specific containers to find what was most valuable to them.

Rather than hijacking a ship and holding the crew hostage for days, the pirates were in and out in a matter of hours.

It soon became apparent that the pirates knew the contents of every crate being shipped, using bar codes on the shipping containers to identify and steal only certain items, leaving the rest.

As Verizon discovered, the pirates had exploited an unpatched vulnerability in the shipping company’s homegrown content management system (CMS) to create a backdoor, which they used to access records of shipping routes, schedules and container contents.

According to Verizon’s report:

The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible and had execute permissions set on it—no Local File Inclusion (LFI) or Remote File Inclusion (RFI) required. Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.

Fortunately, the shipping company’s network was segregated by a firewall, so the attackers were contained to the one server they had compromised.

And the pirates made some crucial mistakes, failing to keep their activities and location secret.

The attackers didn’t use an encrypted connection, so it was possible to sniff the contents of their traffic, and they didn’t use a proxy, so the shipping company was able to shut off the attacks simply by blocking the IP address of the attackers.

Protecting your web servers

The pirate story is a rather extreme example of what can happen if you don’t secure your web server and CMS, but the consequences of web attacks can be just as devastating for a small business.

Here are some tips for locking down your web server and CMS:

Image of maritime pirates courtesy of Shutterstock.com.

Exit mobile version