PandaLabs discovers ‘Phantom Menace’ hack targeting oil tankers
Mon 18 May 2015
A malicious cyberattack has been exposed which specifically targeted the maritime oil industry, according to cloud security firm PandaLabs.
Discovered in January last year, the attack, which Panda has dubbed ‘The Phantom Menace’, is thought to have started in 2013. The security firm believes that the malware continues to target the oil sector, stealing critical data in an attempt to defraud oil brokers.
Despite Panda revealing the highly targeted attacks, the dozens of maritime companies affected by the virus have refused to comment on the data breach, facing public concern over the security of their IT networks.
In a report titled ‘Operation Oil Tanker: The Phantom Menace’, Panda explores what it claims to be one of the most unique hacks it has revealed in its 25-year history. The virus was not detected by any antivirus software, as those behind the attacks used a combination of tools and scripts to disguise their activity and avoid detection by traditional security systems.
The Phantom Menace was first identified when a secretary, based at a maritime oil firm involved in testing a new security solution, opened a PDF file attached to an email. The existing traditional security models did not warn of any danger, but the pilot solution flagged the file as suspicious.
PandaLabs technical director and report author Luis Corrons noted: “Initially this looked like an average non-targeted attack. Once we dug deeper, though, it became clear that this was a systematic, targeted attack against a number of companies in the same specific industry sector.”
Panda suggested that the malicious virus did contain a vulnerability: the FTP connection used to send out the stolen information revealed names and email addresses.
“We can limit the impact of this potentially catastrophic cyber-attack, but only if the victimised companies are willing to come forward,” added Corrons.