International Maritime Organization (IMO) suffered a sophisticated cyber attack against its IT systems, now restored
The International Maritime Organization (IMO) suffered a sophisticated cyber attack against its IT systems that overcame the robust security measures in place. The organization itself disclosed the attack. A number of IMO’s web-based services became unavailable on Wednesday 30 September. The systems impacted included the IMO public website and other web-based services. The email system, along with other internal and external collaboration platforms, is working as normal. Following the attack, the Secretariat shut down key systems to prevent further damage, and is working with international security experts to restore systems as soon as possible, to identify the source of the attack, and to further enhance security systems to prevent new incidents. Service was restored to the GISIS database, IMODOCS and Virtual Publications on October 1 2020. Access to the website www.imo.org was restored the next day.
It’s not clear whether the source is cybercrime or cyberwarfare actors, but the maritime sector and its companies are in the crosshairs
The cybersecurity expert and evangelist Pierluigi Paganini underlined that at the end of September, the French maritime transport and logistics giant CMA CGM S.A. revealed it was the victim of a malware attack that affected some servers on its network. The company currently ranks fourth behind Maersk Line, MSC, and COSCO Shipping Lines, all companies that have, curiously, been hit by malware attacks in the past. At the moment it is not clear which kind of attack IMO suffered, or whether the source is cybercrime or cyber warfare actors. In the coming days, new details could emerge that clear the fog.