Tuesday, October 18, 2016

MetaData Exposed – Cruise, Merchant and Gov. Vessels


Wapack Labs analyzed vital metadata which began through an instructional video explaining cyber concerns on cruise ships.  The video revealed an Autonomous System Number (ASN), which subsequently identified a U.S. based telecommunication company.  Research confirmed this company, an Internet Service Provider (ISP), had exposed numerous Internet Protocols (IP) which were directly connected to cruise, merchant and government/MIL vessels.  Negative implications to this open IP metadata are serious and could be used in many nefarious ways.  This information is being supplied for your situational awareness.  

Publication date:                  12 October 2016

Handling requirements:        Traffic light protocol (TLP) AMBER

Attribution/Threat Actors:    Unknown at this time

Actor Type:                           Adversary capabilities have been assessed as Tier III & IV*

Potential Targets:                  Cruise ships, merchant vessels, and Govt/MIL vessels

Past Reporting:                      Red Sky Alliance: DOC-4266, DOC-3881

*Practitioners who focus on the discovery and use of unknown malicious code, are adept at installing user and kernel mode root kits10, frequently use data mining tools, target corporate executives and key users (government and industry) for the purpose of stealing personal and corporate data with the expressed purpose of selling the information to other criminal elements. 

*Criminal or state actors who are organized, highly technical, proficient, well-funded professionals working in teams to discover new vulnerabilities and develop exploits.

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or feedback@wapacklabs.com.

About Wapack Labs

Wapack Labs, located in New Boston, NH is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serve as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.