Pirates find rich pickings in shipping computer filesLocal | Adeline Mak 13 May 2016
Pirates have become more sophisticated and can now hack into the management systems of shipping companies targeting various vessels, cybersecurity consulting firm Verizon Asia Pacific said in a report issued yesterday.
There were 64,199 security incidents and 2,260 data breaches worldwide last year, it said in its 2016 Data Breach Investigations Report.
In one case, a conglomerate that had been troubled by piracy previously, observed a change in pirates' tactics, such as when and where to attack vessels.
The company discovered that a cybercriminal had hacked into its management system and obtained information about goods in its containers.
Eventually, cargoes containing precious goods were targeted and the goods stolen.
Patrick Wong Choy-ming, Verizon's head of security engineering, said web applications widely used by medium-sized companies are always targeted by unscrupulous individuals who exploit vulnerabilities of various management systems.
He said medium-sized companies should use two- factor authentication in which accounts are locked after repeated failed attempts.
Companies should also review logs from time to time to detect any malicious activity, Wong said.
Francis Yip Chiew-cheong, Verizon's group vice president, said 89 percent of breaches had a financial or espionage motive. "How do they get in? We found 63 percent of confirmed data breaches involved leveraging weak, default or stolen passwords," Yip said.
"Using too simple or default passwords usually tops our list, since there is little awareness in changing passwords or the consequences of not changing passwords."
The traditional attack of phishing is also becoming more common. According to the report, 30 percent of phishing e-mails were opened, compared with 23 percent in Verizon's last report.
The report listed nine patterns that covered 95 percent of data breaches, including miscellaneous errors, crimeware and physical theft and loss of devices. In miscellaneous errors that topped the list by 17.7 percent, 26 percent of the cases involved carelessly sending sensitive information to the wrong recipients.
The report also found cybercriminals are becoming quicker with systems invaded in minutes in 93 percent of the cases. In 83 percent of cases, it took weeks to discover the attacks. Data were stolen by hackers in a few minutes in 28 percent of the cases.