Panda Security Uncovers Ongoing Attack Against Oil Tankers

Exclusive findings from PandaLabs reveal cyber-attacks in the maritime oil sector

MADRID -- Panda Security has released “Operation Oil Tanker: The Phantom Menace”, a groundbreaking report that details a malicious and largely unknown targeted attack on oil tankers. First discovered by Panda Security in January 2014, the ongoing attack on oil cargos began in August 2013, and is designed to steal information and credentials for defrauding oil brokers. Despite having been compromised by this cyber-attack, which Panda has dubbed ‘The Phantom Menace,’ none of the dozens of affected companies have been willing to report the invasion and risk global attention for vulnerabilities in their IT security networks. Panda Security is issuing its report in an effort to draw attention to the attack and urge companies in every industry to take precautions against these increasingly sophisticated and insidious attacks.

The Phantom Menace is one of the most unusual attacks that PandaLabs has discovered. No antivirus engine was able to detect it when first triggered, primarily because the attackers used legitimate tools in conjunction with a number of self-made scripts to avoid triggering the warnings that traditional AV software would raise. It was only discovered when a secretary opened a nonspecific attachment to an email – a type of file that Panda Security would later identify at ten different companies in the oil and gas maritime transportation sector.

“Initially this looked like an average non-targeted attack. Once we dug deeper, though, it became clear that this was a systematic, targeted attack against a specific sector in the oil industry,” said Luis Corrons, PandaLabs Technical Director and report author. “We can limit the impact of this potentially catastrophic cyber-attack, but only if the victimized companies are willing to come forward.”

Identifying the source of a cyber-attack is tremendously challenging

In most cases, identifying the source of a cyber-attack is tremendously challenging. Once discovered, however, The Phantom Menace had a telling weak spot: the FTP connection used to send out the stolen credentials. Through the FTP connection, PandaLabs was able to identify both an email address and name.

Panda Security stands ready to identify the individual to authorities, but without any credible reports being volunteered by the alleged victims, the authorities are unable to launch their investigations or make any arrests. Panda Security hopes the release of its report will shed light on the potential damage of The Phantom Menace and encourage companies to take the necessary steps against the perpetrator.

To read “Operation Oil Tanker: The Phantom Menace”, please visit here.

About Panda Security

Founded in 1990, Panda Security is the world's leading provider of cloud-based security solutions. With head offices in Spain, the company has direct presence in over 80 countries, products translated into more than 23 languages and millions of customers around the world. The company's mission is to simplify complexity, creating new and improved solutions to protect users' digital lives.

As part of its Corporate Social Responsibility policy, Panda Security collaborates with The Stella Project, a program aimed at promoting the incorporation into the community and workplace of people with Down syndrome and other intellectual disabilities.

For more information, please visit www.pandasecurity.com/.

Contacts

Panda Security
Silvia Torres, +34 91 141 09 29
Cell Phone: +34 636 768 445
silvia.torres@pandasecurity.com
