Maritime Data For Sale On the Dark Web

Uploaded on 2020-07-09 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Transport & Travel

Ransomware attackers who hacked leading Australian maritime logistics business Toll Group’s corporate server files in May 2020 have published stolen data on the Dark Web, the company has revealed. The hackers used Nefilim ransomware to steal sensistive dat  including Toll employee names, home addresses, age, birthdates, and payroll details including salary, superannuation, and tax file numbers.

While it's not illegal to visit the Dark Web, it provides access to illegal activities. Web sites that exist on the Dark Web are encrypted most commonly through the Tor encryption tool and most Dark Web users access those sites using the Tor browser.

The Dark Web allows users to remain anonymous through encryption. This is attractive to anyone involved in illegal activity, such as child pornography, sex trafficking, illicit drugs, or counterfeit goods. The hackers who scolded Toll did so easily because of  its lack of security measures. “Toll Group failed to secure their network even after the first attack (in January),” read the post, screen grabbed by Data Breach Today. “We have more than 200 GB of archives of their private data.”

Toll have refused ransom demands by the unknown hackers so far. 

The first attack, which took place in January and has since been attributed to a Russian criminal group, a Toll spokesperson has said there has been a second unrelated attack. The second security breach, which took place in May was in concert with a spate of attacks on other industries in Australia. Australia’s trade and diplomatic relationships with China have worsened over issues regarding the COVID-19 pandemic and as yet unattributed cyber attacks on Australian institutions and businesses. 

A recent joint cyber security survey by the international maritime  association BIMCO found the “attack surface” or human element to be a major factor in maritime shipping  industry breaches. 

The survey noted that training in the maritime industry was important to prevent seafarers and dockers opening emails containing malware or inserting infected USB sticks into company computers.

Maritime organisations would stop doing business with a third-party supplier due to a lack of cyber-security protections, according to an industry survey.

More than three-quarters (77%) of respondents to the 2020 Safety at Sea and BIMCO Maritime Cyber Security survey said they would cancel a contract with a third-party supplier over concerns with their cyber-security practices, or if it was found to be the cause of a cyber incident in the respondent’s own organisation. Furthermore, 26% admitted they had previously recommended not doing business with a third-party supplier due to concerns over poor cyber security practices. The survey found 68% reported phishing incidents where email attachments or web links led to breaches. Contractors or third parties were also a liability.

What is susceptible to attack at sea is navigation control and propulsion, automatic identification system (AIS), electronic chart display and information system (ECDIS), or radar. In ports, ships’ cargo handling or container tracking could be compromised.

The International Maritime Organisation has given ship-owners and managers until January 2021 to incorporate cyber risk management into their respective ship management systems.

Toll said it had further strengthened its systems and operations across its global network have resumed as normal.
While maritime companies are expanding their assessments into cyber security weaknesses across their supply chain, many of their measures remain firmly focused on reducing human error.

“Cyber-security training is seen by many as a first line of defence, especially against the most common types of cyber incidents,” said Jakob P. Larsen, Head of Security at BIMCO. “Eighty-eight percent of respondents indicated that their company offers some sort of cyber training, either internally provided (58%) or externally provided (30%).

 BIMCO:        Safety At Sea:      FindLaw:        Data Breach Today:


You Might Also Read: 

Maritime Cyber Attacks Quadruple:

 

« Journalist’s Phone Hacked Using An ‘Invisible’ Technique
Fake News Promotes Extremism »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

FlashRouters

FlashRouters

FlashRouters offers DD-WRT compatible router models with improved performance, privacy/security options, and advanced functionality.

Finjan Holdings

Finjan Holdings

Finjan solutions are aimed at keeping the web, networks, and endpoints safe from malicious code and security threats.

Alan Boswell Group

Alan Boswell Group

We are a Group of Companies providing specialist Insurance Broking and Risk Management advice and services including Cyber Risk cover.

SBS CyberSecurity

SBS CyberSecurity

SBS CyberSecurity is a premier cybersecurity consulting and audit firm.

ACI Solutions

ACI Solutions

ACI Solutions is a managed IT services and network security provider working with diverse global commercial, government and public sector clients.

Trustlook

Trustlook

Trustlook's SECUREai engine delivers the performance and scalability needed to provide total threat protection against malware and other forms of attack.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

CSIRT Italia

CSIRT Italia

CSIRT Italia is the national Computer Security Incident Response Team for Italy.

Trianz

Trianz

Trianz Cybersecurity Services are Powered by One of the World’s Largest Databases on Digital Transformation. We Understand Evolving Risks, Technologies and Best Practices.

Spotit

Spotit

Spotit offers a wide-ranging portfolio of technologies and services, from consultancy, assessments and pentesting to the set up of completely new security and network infrastructures.

Green Enterprise Solutions

Green Enterprise Solutions

Green Enterprise Solutions are a Namibian company providing Information and Communication Technology (ICT) services to corporate Namibia.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.

NST Cyber

NST Cyber

NST Cyber provides comprehensive Threat Exposure Management to Global banks and Forbes 2000 companies.

CQURE

CQURE

CQURE is divided into four main cybersecurity excellence areas: CQURE Consulting, CQURE Academy, CQURE Knowledge Sharing and CQURE Cyber Lab.