A new report, ‘Operation Oil Tanker: The Phantom Menace’ from Madrid, Spain-headquartered Panda Security reveals a hitherto ‘largely unknown’ cyber attack on oil tankers. The ongoing attack began in 2013 and was first discovered by Panda in January 2014. The attack tries to steal information and credentials for defrauding oil brokers.
The hack, undetected by antivirus software, is triggered when an attachment, of a file type that is ‘specific to the oil and gas maritime transportation sector,’ is opened. Panda CTO Luis Corrons said, ‘We first thought this was your average non-targeted attack. But as we dug deeper, it became clear that it targeted a specific sector of the oil industry.’ Panda’s detective work traced the hack via its FTP connection to reveal the likely source as an individual located in Nigeria’s Ikeja computer village.
Panda states that none of the dozens of affected companies have reported the breach for fear of drawing attention to their vulnerable networks. Panda Security is ready to identify the individual to authorities, but without any credible reports being volunteered by the alleged victims, the authorities are unable to launch their investigations or make any arrests. Panda Security hopes the release of its report will shed light on the potential damage of The Phantom Menace and encourage companies to take the necessary steps against the perpetrator. Drawing attention to the attack will force companies to take precautions against ‘increasingly sophisticated and insidious attacks.’
© Oil IT Journal - all rights reserved.