- Feb 4, 2016
SAN FRANCISCO – Researchers have identified the hacking group behind several wide-scale business email compromise (BEC) attacks that have gouged the maritime shipping industry of millions of dollars since last year. Attackers are taking advantage of the industry’s lax security and the use of outdated computers, according to a report released here at the RSA Conference Wednesday.
Researchers from the Dell SecureWorks Counter Threat Unit dubbed the BEC group Gold Galleon. The researchers estimate that Gold Galleon has specifically targeted the shipping industry in an attempt to steal at least $3.9 million between June 2017 and January 2018.
“There’s a couple reasons [Gold Galleon] would target this industry… it’s a perfect storm between the lack of security and an interesting cultural piece,” said Bettke in an interview with Threatpost. “Many shipping companies that are very small are not worried about security – they don’t have two-factor authentication and are running Windows XP. The second piece is that many of these small companies are doing international business and communicating primarily with email, so it’s hard to know if someone is being impersonated.”
Gold Galleon identifies target email addresses by collecting publicly available contact information, such as that on a company’s website, and by using the marketing tools BoxxerMail or Email Extractor to scrape email addresses from companies’ websites, according to SecureWorks.
After gaining entry into a target’s inbox, the cybercriminals will also extract a recipient’s contacts through a tool called EmailPicky.
Gold Galleon uses spearphishing techniques with malicious attachments to compromise its victims.