Gold Galleon Threat Group Targets Maritime with BEC Scheme

A threat group operating out of Nigeria, dubbed “Gold Galleon,” is targeting the global maritime shipping industry with a business email compromise (BEC) campaign, a type of social engineering scheme. The campaign involves sending targets fraudulent invoices and financial documents, using a combination of malware and social engineering techniques to steal corporate email account credentials, and then using these accounts to send fake payment requests and steal millions of dollars. Researchers estimate Gold Galleon attempted to steal $3.9 million between June 2017 and January 2018 alone. The maritime industry is a particularly attractive target given the amount of international business, financial transactions, and communications that commonly occur. Poor cybersecurity protections also allow threat actors to be successful even when employing unsophisticated tactics and off-the-shelf tools.

The NJCCIC recommends all users and administrators in the maritime industry review the Secureworks report on Gold Galleon. Organizations from all industries are encouraged to educate end users on the threat of BEC and similar social engineering schemes, implement account security features such as multi-factor authentication, observe strict wire transfer policies, and verify vendors and clients prior to conducting financial transactions. Organizations are also encouraged to implement a defense-in-depth cybersecurity strategy, employ the Principle of Least Privilege, and keep hardware and software up to date.