A cybercrime intelligence company has revealed that the cybercrime underground is flush with shipping companies’ credentials.
Over the past few months, Intel 471 has observed network access brokers selling credentials or other forms of access to shipping and logistics companies on the cybercrime underground. The companies whose credentials are being sold span air, ground, and maritime cargo transport.
Observations from the company included:
Within the span of two weeks in July 2021, one new user and one well-known access broker claimed to have access to a network owned by a Japanese container transportation and shipping company. The new user included the company’s credentials in a dump of 50 other companies.
In August 2021, one user known to work with groups that have deployed Conti ransomware claimed access to corporate networks belonging to a US-based transportation management and trucking software supplier and a US-based commodity transportation services company.
In September 2021, a user with ties to the FiveHands ransomware group claimed access to hundreds of companies, including a UK-based logistics company. Additionally, a new user claimed to have gained access to a Bangladesh-based shipping and logistics company.
In October 2021, a newcomer to a well-known cybercrime forum claimed access to the network of a US-based freight forwarding company, alleging that he had local administrator rights and could access 20 computers in the company’s network. Also in October, a newcomer on a different well-known cybercrime forum claimed access to a Malaysian logistics company.
Hong Kong-based ocean carrier Orient Overseas Container Line (OOCL) has become aware of a recent increase in fraudulent activities and has reminded its customers to stay vigilant to protect themselves against any potential financial loss and cyber risk.
In its latest customer service update, it stated that fraudsters could attempt to defraud remittances through the unauthorised use of OOCL’s name in email correspondence, instructing the victim to change the payment receiving bank account number to one owned by the fraudster.