Gold Galleon Targets Maritime Shipping Companies, Customers in BEC Campaigns

A security intelligence group reported that an emerging threat actor has been launching business email compromise (BEC) and social engineering attacks focused on global maritime shipping and related companies and their customers since June 2017. Found to be likely based in Nigeria, the group, called Gold Galleon, has attempted to steal at least $3.9 million in roughly seven months. These companies — which are based in South Korea, Japan, Philippines, Norway, Saudi Arabia, United States, Colombia, Egypt, and Singapore — have been targeted for their dependency on emails to communicate and transact business.

[Read: Delving into the world of Business Email Compromise (BEC)]

According to the report, the group is composed of at least 20 criminals who launch BEC campaigns against organizations in the shipping industry, ship management services, port services, cash to master services, and their respective customers. Using a myriad of methods such as BEC and email spoofing, the group members distribute spear phishing emails to intercept correspondences, steal credentials, redirect funds to their respective accounts, and change documentations’ content. The researchers noted that the pattern of operation is to use free or inexpensive tools, but the group compensates for the low-tier technical dexterity with social engineering and persistence.

[Read: Business Process Compromise, Business Email Compromise, and Targeted Attacks: What’s the difference?]

The group was found using Nigeria-based internet infrastructure and Nigerian Pidgin English in their conversations from instant messenger services, even as the campaigns disguised the group’s location using proxy and privacy services. It is possible that members gather email addresses by trawling company websites and publicly available information or purchase email listings of target businesses. Like other BEC groups, Gold Galleon’s chest of tools includes remote access tools such as keyloggers, remote access trojans (RATs), and email lures. The group also performs malware testing to check its own tools’ detection rates.

[Related: Red Flags: How to spot a business email compromise scam]

BEC is not a new technique for committing fraud against businesses, and 2016 saw a compounded rise in declared BEC financial losses for entrepreneurs, especially for small and medium enterprises. The number is expected to surpass the $9 billion mark this year. That’s why safety from BEC scams should remain a top priority for businesses. Educating employees can easily make it part of the company culture and workforce mindset.

  • Carefully check all emails for irregularities, especially those from C-level officers requesting employees to act with urgency.
  • Verify with vendors if there are changes in payment accounts and locations, and establish a secondary sign-off with company personnel.
  • Verify and confirm fund transfer requests over the phone with two-factor authentication, and use familiar or commonly used numbers instead of the contact information specified in an email.

While the human factor remains to be the weakest link for successful BEC attacks, these scams have also prompted improved and more advanced solutions to counter email threats.

Trend Micro Solutions

Trend Micro offers complete and updated protection through XGen™ security, with collaborative on-premises and cloud security solutions working 24x7. Blocking more than 66 billion threats in 2017, over 85 percent of which were emails with malicious content, Trend Micro maximizes cross-generational threat defense techniques — including the latest artificial intelligence and machine learning technologies — to protect your organization.


Like it? Add this infographic to your site:
1. Click on the box below.   2. Press Ctrl+A to select all.   3. Press Ctrl+C to copy.   4. Paste the code into your page (Ctrl+V).

Image will appear the same size as you see above.