
Nigerian Fraudsters Attack Oil Logistics Firms Without Using Malware: Report

Scammers apparently based in Nigeria have been stealing information from various companies in the oil logistics sector, according to a report published by Panda Security.

The campaign, dubbed “Operation Oil Tanker,” dates as far back as August 2013 and has been monitored by researchers since January 2014.

The security firm discovered the campaign after an employee at an England-based company that handles maritime oil transportation received an email with a 4 Mb PDF file attached. Anti-virus software didn’t flag the document file, but a Panda Security pilot technology detected it as suspicious.

Specially crafted PDF files have been used in numerous attacks. However, in this case, the attacks didn’t involve any actual malware. According to researchers, the PDF, which is a self-extracting archive, contains various legitimate tools and scripts developed by the attackers to steal credentials and other information, and upload it to an FTP server.
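A mail-gateway or triage check for the mismatch described above, an attachment presented as a PDF whose bytes are really an executable self-extracting archive, could look like the following. This is an added example, not code from Panda Security's report; the function names, the assumption that the lure carries ".pdf" in its file name, and the sample byte strings are all constructed for illustration.

```python
import struct

# Archive signatures commonly found appended to a self-extracting stub.
ARCHIVE_MAGICS = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip",
                  b"7z\xbc\xaf\x27\x1c": "7z"}

def is_pe(data: bytes) -> bool:
    """True if data has an 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def embedded_archive(data: bytes):
    """Name of the first archive signature found after the DOS header, or None."""
    hits = [(data.find(magic, 0x40), name) for magic, name in ARCHIVE_MAGICS.items()]
    hits = [h for h in hits if h[0] != -1]
    return min(hits)[1] if hits else None

def triage_attachment(filename: str, data: bytes) -> dict:
    """Compare what an attachment claims to be with what its bytes are."""
    claims_pdf = ".pdf" in filename.lower()   # assumption: name carries ".pdf"
    pe = is_pe(data)
    # Real PDFs carry the "%PDF-" header near the start of the file.
    real_pdf = not pe and b"%PDF-" in data[:1024]
    if claims_pdf and pe:
        verdict = "executable presented as PDF"
    elif claims_pdf and real_pdf:
        verdict = "pdf"
    else:
        verdict = "review"
    return {"is_pe": pe, "is_pdf": real_pdf,
            "embedded_archive": embedded_archive(data) if pe else None,
            "verdict": verdict}

def sample_sfx() -> bytes:
    """Constructed sample: minimal PE-like stub followed by a RAR signature."""
    stub = bytearray(0x80)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\x00\x00"
    return bytes(stub) + b"Rar!\x1a\x07\x00" + b"\x00" * 16

SAMPLE_PDF = b"%PDF-1.4\n1 0 obj\n<< >>\nendobj\n"   # constructed sample

if __name__ == "__main__":
    print(triage_attachment("invoice.pdf.exe", sample_sfx()))
    print(triage_attachment("report.pdf", SAMPLE_PDF))
```

Because every tool inside such an archive can be legitimate software, signature scanning of the contents may find nothing; the type mismatch of the container itself is the signal this check relies on.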

On the FTP server that stores the stolen information, researchers discovered a total of 80,000 files containing credentials. After analyzing the files, experts determined that there were 860 unique files holding credentials stolen from roughly ten companies in the oil and gas maritime transportation sector.

“Initially this looked like an average non-targeted attack,” said Luis Corrons, technical director at PandaLabs and author of the report. “Once we dug deeper, though, it became clear that this was a systematic, targeted attack against a number of companies in the same specific industry sector.”

Corrons told SecurityWeek that most of the victims are located in European countries such as Belgium, Germany, Italy, Spain and the UK. A couple of organizations in Singapore and the Chinese city of Shanghai have also been targeted.

After seeing that this was a targeted attack, Panda Security worked on locating the attackers and establishing their motives. Attack attribution is not easy, but experts managed to find useful clues in the information used to register an account on a free service hosting the FTP server.

The email address and the city information used to register the account led investigators to an individual based in Ikeja, a suburb in Lagos, Nigeria’s capital city. The suspect appears to be the owner of a goods transport company, Panda said in its report.

Nigerian scammers are well known all over the world for schemes in which they promise large amounts of money to unsuspecting Internet users. In this case, the individuals behind Operation Oil Tanker seem to be involved in a scam that can be highly profitable.

Nigeria’s Bonny Light crude oil is in high demand by refineries all over the world. Scammers contact oil brokers and offer them a large quantity of Bonny Light oil at an attractive price. The potential buyer is asked to pay between $50,000 and $100,000 in advance to obtain the oil, but for this to happen the fraudsters must produce documents to prove that they are in possession of the product.

Panda Security believes this is the part where the scammers start targeting companies in the oil logistics sector. The documents needed to prove that the oil exists can be forged, but if they manage to get their hands on legitimate papers, the scammers have a better chance of duping the brokers into paying them in advance.

Experts believe that the group behind Operation Oil Tanker doesn’t use the stolen information against the breached companies. Instead, they use it to defraud entities interested in acquiring oil.

Since the stolen information is not used against victims of the hack, these organizations prefer to remain quiet and not report the breach to authorities. This makes it difficult to shut down the malicious operation and bring the perpetrators to justice.

“We can limit the impact of this potentially catastrophic cyber-attack, but only if the victimized companies are willing to come forward,” noted Corrons.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
