Research shows that hackers are focusing on transport and shipping companies with a new trojan malware campaign.
The news comes when the logistics sector is undergoing a digital transformation, potentially increasing vulnerability to cyber attacks.
Palo Alto Networks revealed this week that it had “identified a malicious binary file, called inetinfo.sys, installed on a system at an organization within the transport and shipping sector of Kuwait.”
It added: “Through comparative analysis, we have identified related activities that also focus on Kuwait between July and December 2018…. Although there are no direct infrastructure overlaps between the two campaigns, historical analysis shows that the activities of 2018 and 2019 are probably related.”
The cyber tools were previously unknown and have given rise to concerns about vulnerabilities in the transport sector.
“This report is an indication of recent trends that we are seeing with transportation and shipping,” said Dave Weinstein, chief security officer at cyber security company Claroty.
“Despite the attribution question, it is remarkable that the actors seem focused on collecting information, either with an eye to industrial espionage or exploration.
“Both the transport and shipping sectors are undergoing a large amount of digital transformation to increase efficiency, opening new attack vectors for malicious actors.
“It is crucial for organizations in these sectors to see the intersection of their corporate and operational networks, since hackers exploit the former to target the latter.”
The malware was discovered by Palo Alto’s Unit 42 between May and June.
It explained: “The first known attack in this campaign was aimed at a transport and shipping company from Kuwait in which the actors installed a backdoor tool with the name Hisoka.
“Several modified tools were later downloaded to the system to perform post-exploitation activities. All these tools seem to have been created by the same developer. We have been able to collect different variations of these tools, including one that dates from July 2018.”
The criminal developer used character names from the anime series Hunter x Hunter.
Palo Alto added: “We are following this activity closely and will continue the analysis to determine a more solid connection with known threat groups.”
The risk of cyber crime for shipping and logistics was amply demonstrated by last year’s NotPetya attack on Maersk, which cost the shipping group around $300 million.
The FedEx subsidiary, TNT, was also affected and is now facing legal action from a shareholder who claimed that FedEx was not transparent about the costs and effects of the attack and therefore lost “permanent” business.