The US Coast Guard (USCG) is warning that currently unidentified hackers have recently attempted to gain access to various ship’s electronic systems in order to obtain sensitive business information and disrupt shipboard computer systems.[1] [2]
USCG reports that “cyber adversaries are attempting to gain sensitive information from shipboard systems, including the contents of an official Notice of Arrival, using email addresses that pose as an official Port State Control (PSC) authority (for example, port @ pscgov.org).” The alleged "phishing" attacks against the maritime sector have been documented in the past, particularly in business-to-business transactions between shoreside stakeholders (port facilities). The USCG is urging vessel operators to verify the validity of an email sender, prior to responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email request, a vessel or their officials need to contact the PSC authority directly.
The USCG has received reports of malicious software designed to disrupt shipboard computer systems. The USCG is aware of these incidents because vessel masters have reported suspicious activity to the Coast Guard National Response Center (NRC), thereby enabling federal agencies to understand and address cyber threats in the maritime sector. By US federal regulation, American vessels must report cyberattacks and suspicious activity to the NRC.
Phishing attacks in the maritime sector have been a serious issue for many years. Cyber criminals, at many tier levels, have long been sending legitimate-looking correspondence to solicit payments, defrauding the ship operator or other stakeholder (ports and shipping companies) by getting them to wire money to the fake bank accounts. Wapack Labs issues timely vessel impersonation reports, delineating these type cyber attempts and providing indicators of compromise. This to help our members protect against bad actors. Previous information provided by marine insurer Skuld, explained that a hacker spoofed the Suez Canal Authority and emailed vessels to ask for detailed and confidential information. The bad actor then requested for settlement of false invoices and ended defrauding the vessel operators (thus the insurance claims). In this case the motive was financial fraud, yet the risks from this form of cyber-attack reaches far beyond financial loss. If a malicious actor(s) obtained sensitive information about a vessel's itinerary, schedule and its operations, hackers could compromise the vessel's cyber security and navigate the vessel toward a serious physical attack.[3] Think of the current tension in the Persian Gulf and the hacking tactics that could be employed.
Wapack Labs is located in New Boston, NH. We are a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com
[1] https://www.maritime-executive.com/article/u-s-coast-guard-warns-of-cyberattacks-targeting-merchant-ships
[2] https://www.dco.uscg.mil/Portals/9/DCO%20Documents/5p/MSIB/2019/MSIB_004_19.pdf
[3] https://safety4sea.com/uscg-warns-of-cyber-adversaries-targeting-commercial-vessels/
Comments