Privacy News Gold Galleon Hacking Group Plunders Shipping Industry (business email compromise (BEC) attacks)

LASER_oneXM

SAN FRANCISCO – Researchers have identified the hacking group behind several widescale business email compromise (BEC) attacks gouging the maritime shipping industry for millions of dollars since last year. Attackers are taking advantage of the industry’s lax security and the use of outdated computers, according to a report released here at the RSA Conference Wednesday.
Researchers from the Dell SecureWorks Counter Threat Unit dubbed the BEC group Gold Galleon. The researchers estimate that Gold Galleon has specifically targeted the shipping industry in an attempt to steal at least $3.9 million between June 2017 and January 2018.
“There’s a couple reasons [Gold Galleon] would target this industry… it’s a perfect storm between the lack of security and an interesting cultural piece,” said Bettke in an interview with Threatpost. “Many shipping companies that are very small are not worried about security – they don’t have two factor authentication and are running Windows XP. The second piece is that many of these small companies are doing international business and communicating primarily with email, so it’s hard to know if someone is being impersonated.”

Gold Galleon identifies target emails by collecting publicly available contact information, such as from the company’s website, and by leveraging the marketing tools BoxxerMail or Email Extractor to scrape email addresses from companies’ websites, according to SecureWorks.
After gaining entry into a target’s inbox, the cybercriminals will also extract a recipient’s contacts through a tool called EmailPicky.
Gold Galleon uses spearphishing techniques with malicious attachments to compromise its victims.
 