A new detailed report by Panda Security gives more specific information on the ongoing attack against oil shipping companies and its consequences for the affected firms. Active since August 2013, the campaign was discovered in January 2014. It was designed to steal information and credentials and, with those, to defraud oil dealers.
Although the cyber-attack, named “The Phantom Menace”, affected many shipping companies, none of them were willing to report the intrusion, fearing that doing so would draw worldwide attention to further weaknesses in their IT security systems.
According to PandaLabs, the Phantom Menace is one of the most unusual attacks they have ever discovered.
When it was first triggered, no antivirus engine was able to detect it. Panda Security found that the attackers were using legitimate tools in combination with a number of self-made scripts, thereby bypassing the warnings that traditional AV software would otherwise raise.
Image: Panda Security
Nowadays most computer threats are designed to steal information from target systems, so to PandaLabs the attack at first looked like the thousands of cases they routinely examine in their laboratory.
However, the specialists' attention was caught by the fact that no antivirus engine had been able to detect it, although this should not be too surprising considering that over 250,000 new malware files are put into circulation every day. What was truly unusual about this threat was that it did not use any malware at all.
The attack was discovered when an employee opened an unremarkable file attached to an email. Panda Security later identified the same type of file at 10 different shipping companies in the oil and gas sector of the maritime transport industry.
Luis Corrons, Technical Director of Panda Security and author of the report, said:
“Initially this looked like an average non-targeted attack. Once we dug deeper, though, it became clear that this was a systematic, targeted attack against a specific sector in the oil industry. We can limit the impact of this potentially catastrophic cyber-attack, but only if the victimized companies are willing to come forward.”
PandaLabs specialists said that identifying the source of a cyber-attack is usually extremely difficult.
Although the attack was hard to detect, once discovered the Phantom Menace could be traced through its weak spot: the FTP connection used to send out the stolen brokers' credentials. It was precisely through this FTP connection that Panda Security's specialists were able to identify the attacker's name and email address.
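The report does not publish the attacker's FTP details, so the following is an added illustration, not code from Panda Security or from the report. It parses a constructed FTP control-channel transcript and pulls out exactly what a cleartext FTP exfiltration channel leaks to anyone who can inspect the traffic: the account used on the drop server, its password, the passive-mode data endpoint and the names of uploaded files. The transcripts, the host address, the account and the file names are all invented placeholders. A second transcript shows the caveat: had the attacker negotiated FTP over TLS (client `AUTH TLS`, server reply `234`), everything after that point would be encrypted and this weak spot would not exist.

```python
"""
Summarise what a cleartext FTP session exposes on the wire.

Constructed example for illustration only; the transcripts below are made up
and are not from the Panda Security report.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed control-channel transcript: client lines start with "C:",
# server lines with "S:". Host, account and file names are placeholders.
SAMPLE_SESSION = """\
S: 220 ProFTPD Server ready.
C: USER dropbox_user
S: 331 Password required for dropbox_user
C: PASS s3cret-pass
S: 230 User dropbox_user logged in
C: TYPE I
S: 200 Type set to I
C: PASV
S: 227 Entering Passive Mode (192,0,2,10,195,80)
C: STOR broker_creds_2014-01-13.txt
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: STOR mailbox_export.pst
S: 150 Opening BINARY mode data connection
S: 226 Transfer complete
C: QUIT
S: 221 Goodbye.
"""

# Constructed transcript where the client upgrades to TLS first: after the
# server's 234 reply the remaining commands are encrypted and invisible.
SAMPLE_TLS_SESSION = """\
S: 220 ProFTPD Server ready.
C: AUTH TLS
S: 234 AUTH TLS successful
"""

_PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass
class FtpSessionSummary:
    user: Optional[str] = None
    password: Optional[str] = None
    login_ok: bool = False
    tls_negotiated: bool = False
    data_endpoints: List[Tuple[str, int]] = field(default_factory=list)
    uploads: List[str] = field(default_factory=list)


def parse_ftp_control(transcript: str) -> FtpSessionSummary:
    """Walk the control channel and record credentials, endpoints and uploads."""
    summary = FtpSessionSummary()
    pending_store: Optional[str] = None  # STOR awaiting its completion reply
    for raw in transcript.splitlines():
        raw = raw.strip()
        if len(raw) < 3 or raw[1] != ":":
            continue
        side, line = raw[0], raw[2:].strip()
        if side == "C":
            cmd, _, arg = line.partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                summary.user = arg
            elif cmd == "PASS":
                summary.password = arg
            elif cmd == "STOR":
                pending_store = arg
        elif side == "S":
            code = line[:3]
            if code == "230":
                summary.login_ok = True
            elif code == "234":
                # AUTH TLS accepted: nothing after this is readable in clear.
                summary.tls_negotiated = True
            elif code == "227":
                m = _PASV_RE.search(line)
                if m:
                    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
                    summary.data_endpoints.append(
                        (f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2))
            elif code == "226" and pending_store:
                summary.uploads.append(pending_store)  # transfer completed
                pending_store = None
            elif code[0] in "45" and pending_store:
                pending_store = None  # transfer refused or failed
    return summary


if __name__ == "__main__":
    print(parse_ftp_control(SAMPLE_SESSION))
    print(parse_ftp_control(SAMPLE_TLS_SESSION))
```

The same parser run over a capture from a company's egress point is the first step an investigator would take: the account and password the attacker uses on the drop server are the handle that leads to the server, and from there to the registrant, which is the kind of trail the report describes. The point of the TLS transcript is the converse: any tracing that relies on reading the control channel stops working the moment the attacker adds `AUTH TLS`.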
PandaLabs representatives said they are ready to identify the individual to the relevant authorities. Since they cannot open an investigation or make arrests themselves, the victims must first file credible reports.
By releasing “The Phantom Menace” report, Panda Security hopes to shed light on the damage the attack can cause and to encourage the affected companies to take action against the attacker.