How did European and Asian logistics companies adopt a Nigerian scam?

Panda Security has published a report about how scammers swindled money from logistics companies responsible for the sea transport of oil and other diesel fuels from the Mediterranean, West Africa and Asia to Europe.

The first incident of this operation called "Oil Tanker" was noticed in August 2013. This month, a PDF document weighing less than 4MB containing an inquiry for the transport of crude oil from the Mediterranean to Europe has been sent to one of the UK transport companies. The problem is that in order to get possession of the appropriate tonnage of diesel fuel, the buyer is required to pay an advance of 50 to 100 thousand dollars, and from the seller to submit relevant documents confirming the possession of the raw material. Thus, the necessary document was "prepared" by cybercriminals and sent to one of the companies based in the North West of England dealing with maritime transport.

As it turned out later, the substituted "PDF" file was not pure malware, but a self-extracting archive imitating a PDF icon. The archive contained various tools and scripts developed to steal information and send it to a defined FTP server. Noteworthy is the fact that the file was opened not by a novice who had nothing to do with computers and work in a logistics company, but a secretary with 20 years of experience. As you can see, 20 years of work did not teach her anything, but this story has a happy ending - this company was not plucked.

The guard who protected the computer secretary from infection was anti-virus software from the Spanish provider Panda Security. After sending the threat metadata to the producer's server, we managed to locate its binary files and analyze the malicious activity. Experts from Panda Security reached the FTP server, which served scamers for storing stolen information. A total of 80,000 files containing various credentials and 860 unique files with stolen credentials were located, 10 of which belonged to companies in the maritime oil and gas transport sector.

According to researchers from Panda Security, similar campaigns were meticulously prepared and struck at specific companies from various industry sectors. The largest number of injured companies are in Belgium, Germany, Italy, Spain and the United Kingdom, but even companies from Singapore and China have suffered

The moral of this story can only be one. Security experts and independent researchers have been pointing to various defects of antivirus programs for years (and they are right), but as it turns out, this is not the first time - in some cases a "primitive" antivirus can protect a company from image loss, subsequent contracts and the malicious one and targeted software.



Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.