Pirates improve efficiency of booty-theft by hacking shipping company

A recently revealed hacking scenario has shone a light on how weaknesses in digital platforms can be exploited to help physical intrusions.

In this case, it’s pirates.

An unnamed global shipping company that often has to deal with pirates noticed an interesting pattern in its pirate attacks. The criminals seemed to be targeting specific ships and containers that happened to have goods that were incredibly valuable. And, rather than taking over the ship and holding the crew hostage, the pirates only hung around for a few hours before they were off the ship and on their way to the next target.

The shipping company soon worked out that the pirates were looking at the bar codes on the containers and only opening specific ones, so they called in a security team to investigate.

The security team (Verizon) discovered that the pirates had exploited a vulnerability in the shipping company’s CMS and created a backdoor, giving them access to shipping routes, schedules and – you guessed it – contents of containers.

Verizon's RISK Labs report says:

“The threat actors used an insecure upload script to upload the web shell and then directly call it as this directory was web accessible and had execute permissions set on it—no Local File Inclusion (LFI) or Remote File Inclusion (RFI) required. Essentially, this allowed the threat actors to interact with the webserver and perform actions such as uploading and downloading data, as well as running various commands.”

The pirates’ poor efforts to hide themselves made it easy for the shipping company to block them out of the CMS while also applying a much-needed patch. It’s highly likely that a regularly conducted penetration test would have found the exploited vulnerability, which is why I strongly recommend that all organisations have their web applications tested regularly.
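The condition Verizon describes, a web-accessible upload directory that will run what is uploaded to it, can be checked for on your own servers. The following audit is an added example, not code from the Verizon report or the shipping company; the extension list, function names and sample files are assumptions constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Assumed list of extensions a web server may hand to an interpreter.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".jsp", ".jspx", ".asp",
               ".aspx", ".cgi", ".pl", ".py", ".sh"}
EXEC_BITS = stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings for files under root."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        # Check every suffix so "report.PHP.jpg" is caught as well as "logo.php".
        if {s.lower() for s in path.suffixes} & SCRIPT_EXTS:
            findings.append((rel, "script extension"))
        if path.stat().st_mode & EXEC_BITS:
            findings.append((rel, "execute bit set"))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample upload directory (not data from the report)."""
    samples = {"invoice.pdf": 0o644, "img/logo.php": 0o644,
               "img/report.PHP.jpg": 0o644, "notes.txt": 0o755}
    for name, mode in samples.items():
        p = Path(root) / name
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"constructed sample\n")
        os.chmod(p, mode)


def demo():
    """Audit the constructed tree and return the findings."""
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        return audit_upload_dir(d)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{rel}: {reason}")
```

Any finding in a real upload directory is worth investigating; the durable fix is to store uploads outside the web root, or in a directory where the server is configured never to execute content.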