Malware Hidden In Chinese Inventory Scanners Targeting Logistics and Shipping Companies

TrapX discovers ‘Zombie Zero’ advanced persistent malware - Made in China; state sponsored attack targeting shipping and logistics industry worldwide.

TrapX, provider of the fastest growing sensor-based HoneyGrid™ in the world, announced the discovery of a highly sophisticated, polymorphic advanced persistent malware dubbed “Zombie Zero” targeting the shipping and logistics industry across the globe.

Weaponized malware was delivered into shipping and logistics enterprise environments from a Chinese manufacturer responsible for selling proprietary hardware for terminal scanners used to inventory items being shipped or transported in and out of many countries.

The malware was delivered through the Windows embedded XP operating system installed on the hardware at the manufacturer’s location in China and could also be downloaded from the Chinese manufacturer’s support website.

A variant of this malware was also sold and delivered with the same hardware product to a large manufacturing company as well as to seven other identified customers of this hardware product worldwide.


Source: TrapX Zombie Zero report

Description of Zombie Zero Behavior and Attack

  • Once the scanner was attached to the wireless network and put into production, it immediately began an automated attack on the corporate environment using the Server Message Block (SMB) protocol.
  • The shipping and logistics target installed security certificates on its scanner devices for network authentication, but because the devices were already infected with the advanced persistent malware from the manufacturer, the certificates were completely compromised.
  • The scanned data (origin, destination, contents, value, to, from, etc.) was copied and sent over an established comprehensive command and control (CnC) connection to a Chinese botnet that terminated at the Lanxiang Vocational School, located in the “China Unicom Shandong province network”. The Lanxiang Vocational School has been linked to online attacks on Google and implicated in the Operation AURORA attack. The Chinese scanner manufacturer is located blocks away from the Lanxiang Vocational School.
  • A second payload was then downloaded from the botnet that established a more sophisticated CnC of the company’s finance servers, giving the cybercriminal access to corporate financial data, customer data, and detailed shipping and manifest information.
  • The exfiltration of all financial data as well as CRM data was achieved, providing the attacker complete situational awareness and visibility into the shipping and logistics target’s worldwide operations.
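The behavior in the list above (a scanner fanning out over SMB and then talking to an outside host) is visible in flow logs if scanners are held to an allowlist. The following detection sketch is an added example, not part of the TrapX report; the subnets, the inventory server address and port, the threshold and the flow records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Assumed network layout (not from the report): scanners share one subnet and
# have a single legitimate peer, the inventory server.
SCANNER_NET = ipaddress.ip_network("10.20.30.0/24")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
ALLOWED_PEERS = {("10.20.1.10", 8443)}  # hypothetical inventory server
SMB_PORTS = {139, 445}
FANOUT_THRESHOLD = 3  # distinct SMB targets before a scanner is flagged

# Constructed flow records, "src dst dport" per line.
SAMPLE_FLOWS = """\
10.20.30.15 10.20.1.10 8443
10.20.30.15 10.20.5.21 445
10.20.30.15 10.20.5.22 445
10.20.30.15 10.20.5.23 445
10.20.30.15 203.0.113.7 80
10.20.30.16 10.20.1.10 8443
10.20.5.40 10.20.5.21 445
"""

def find_suspect_scanners(flow_text):
    """Return {scanner_ip: sorted findings} for scanners that break policy."""
    smb_targets = defaultdict(set)
    findings = defaultdict(set)
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records
        src, dst, dport = parts[0], parts[1], int(parts[2])
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue  # skip records with unparsable addresses
        if src_ip not in SCANNER_NET or (dst, dport) in ALLOWED_PEERS:
            continue  # not a scanner, or the one expected conversation
        if dport in SMB_PORTS:
            smb_targets[src].add(dst)
        if dst_ip not in INTERNAL_NET:
            findings[src].add(f"external connection to {dst}:{dport}")
    for src, targets in smb_targets.items():
        if len(targets) >= FANOUT_THRESHOLD:
            findings[src].add(f"SMB fan-out to {len(targets)} hosts")
    return {ip: sorted(issues) for ip, issues in findings.items()}

if __name__ == "__main__":
    for ip, issues in find_suspect_scanners(SAMPLE_FLOWS).items():
        print(ip, issues)
```

Certificate-based network authentication would not change this result, because the check keys on what an admitted device does on the network rather than on whether it was allowed to join.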

“The problem with legacy security technologies is that they are not able to adapt to defend against emerging threats in real-time,” said David Monahan, Research Director at Enterprise Management Associates. “Today’s threat actors are smarter than ever morphing their attacks multiple times to achieve the goal of undermining existing security defenses. The next generation of security solutions must be just as adaptable to counter these modern threats.”

“Security futurists have long favored honeypots as a way to actively defend the network. The challenge with honeypots is that they’ve largely required manual deployment. They’ve been difficult to scale across the network, particularly in rapid response to current attacks,” said Yaniv Alfi, cofounder and CEO. “TrapX has taken the honeypot idea to the next level. We provide a virtualized honeygrid platform that not only emulates hundreds of services across the network—our software also senses hostile scans and spins up targeted honeypots where they’re needed most in order to identify cybercriminal, insider, or nation-state activity.”

TrapX, formerly known as CyberSense, conducts powerful real-time analytics and threat intelligence to support Adaptive Defense of the network while providing full incident lifecycle management – detection, remediation and prosecution. The TrapX 360 platform is designed to detect and interdict lateral movement within networks and keep attackers from establishing footholds in the network nerve center.

The Anatomy of the Attack
The move to cloud based technologies and virtualization has amplified the rate of change within data centers. Operations teams stand up services one day, and spin them down another. Capabilities come, and capabilities go. And throughout the flux, the number of virtual machines and services continues to grow, week after week, month after month.

Corporations have fought to keep pace with threats to these fluid data center environments. But in today’s world, the threats evolve just as quickly as your business. This is coupled with an uneven security playing field full of nation states and crime syndicates that possess significant monetary resources and capabilities. The active defense of your company assets is now directly tied to your ability to detect, analyze, and interdict Zero-Day threats from a world of bad actors.

Attacks keep slipping through corporate defense in depth architectures because legacy security products aren’t built to adapt to threats in real-time. Today’s threats are fluid like today’s clouds and data centers. The next generation of security technologies must be just as elastic to counter these modern threats.

This is where TrapX changes not just the security model but also the business model. We change the asymmetric aspect of the cyber battlefield by giving the net defenders the automated tools to defeat the attacking perpetrators creating an elastic and Adaptable Defense™.

In support of our existing customers and educating corporate and government entities, TrapX will continue to publish on a monthly basis The Anatomy of the Attack. With the largest sensor based HoneyGrid™ in the world, the TrapX 360 platform is uniquely positioned to detect, analyze, and report in real-time Zero-Day and APT threats in a completely automated framework.

TrapX today also released a free tool for forensics investigators called Threat Inspector. “We’ve cobbled together some top open source tools and put in a front-end wizard that will allow any engineer to get forensics reports off infected machines,” TrapX says.

About TrapX
TrapX has invented a purpose-built, virtual appliance-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. The TrapX360™ Platform provides real-time, adaptive threat protection by leveraging our patented HoneyGrid™ malware trap and DPI technology. TrapX360™ traps zero-day malware in its virtualized sensor network or HoneyGrid™ and next-generation malware traps before the malware can inflict significant damage to customers’ data centers or cloud deployments. Combined with fully automated advanced forensic capability and a threat intelligence fusion center, TrapX provides the most comprehensive context sensitive alerting and reporting in the market.
