Maritime Vessel Attacks on the Rise

Cyber risks continue to expand across industries, and as ships and boats at sea increasingly become connected to the shore in the name of crew welfare and operational efficiency, so too grow the risks that a ship could be hacked, the safety of its crew and cargo compromised.  “Cyber risk is real, it's really growing substantially, especially with increased concerns around geopolitical tensions, which is having a direct impact on maritime operations,” said Cedric Warde, Vice President, at Digital.  “It’s important to note that ships today are increasingly connected, and their OT and equipment are also integrated with IT systems, which means that the attack surface is expanding.”[1]

Whether it is a navigation system, a propulsion system or any other critical onboard system, being intertwined with the IT system onboard makes it more efficient and effective in the operational sense, but also leaves it vulnerable to cyber-attack.  It was reported recently in the Wall Street Journal that GPS spoofing and hacks, particularly in the Middle East and over the Black Sea, have increasingly impacted airline operations in not only showing erroneous position, but also in providing false readings for onboard systems.  While ships at sea are not operating more than a mile above the earth, cyber hack impacts in maritime can lead to bigger disasters, such as grounding of the vessels, collisions, and even environmental disasters such as oil spills.  “From our perspective, we see a mix when it comes to proactive and reactive approaches,” said Warde. “Some customers are ahead of the curve.  They are implementing security controls very early on in the process; they're monitoring their vessels; they're conducting regular assessments.  But others, the majority, are more reactive to regulations or specific incidents.

A New Report on Maritime Cyber Risk

Next month Marlink will offer a new Security Operations Centre (SOC) Report which examines the threat landscape in maritime, and the company is well-suited to offer insights.  Marlink supports around 8,000 vessels ranging from commercial ships to offshore installations and yachts.  “We have a network across 140 countries,” said Cedric Warde, Vice President, Global Sales – Digital. “We have a maritime security operation center, which is today monitoring around 2,000 vessels, managing 2,000 firewalls, and also managing 8,000 endpoints.”  Marlink recently acquired Diverto, a pioneer in the provision of advanced IT and operational technologies (OT) security solutions for enterprise and critical infrastructure, adding about 50 cybersecurity specialists and 150 cybersecurity certifications to Marlink’s practice.

While Warde could not share complete details of the new SOC report, he did offer his view:  “In terms of cybersecurity alerts, we see a huge increase,” he said. “The number of alerts grew from a 100,000 alerts in January to around 270,000 alerts by April 2024.  What does this mean?  It means really that the attackers are increasing the frequency of low-impact attempts, which also could lead to more serious threats if they're not addressed promptly.”

In analyzing the types of alerts, he said there is “a wide variety of incidents, ranging from phishing schemes to ransomware, but also we see an increased number of attacks targeting operational technology equipment specifically.”  Phishing schemes represent nearly half (48%) of the cyber incidents in 2024, but control and command attacks are not far behind at 36%.  “This is due to the exploitation of malicious files and documents,” said Warde.  “We also see a rise of botnet targeting IoT devices, which also indicates the importance of IoT security.  So today what's the biggest concern for us is also the sophistication of these attacks.  These attacks are becoming more and more tailored towards maritime-specific systems.”

When it comes to protecting against cyber threats, it has been proven time and again that even the best-laid defense can be penetrated.  But Warde said that the first, best approach is “to adopt a multilayered approach to cyber security, which includes conducting regular assessments, implementing strong network defenses, monitoring 24x7 critical systems on board, and also training their crew.”

Importantly, he highlights that cyber security is a team sport: “it is not only an IT issue, but it's also an operational issue.  Ships today are increasingly interconnected, and it means any cybersecurity attack can not only compromise the operations, but also can threaten the security and safety of the crew.  So, it's important that operations and IT work closely together to ensure a safe environment for the vessels and the crew.”    

This article is shared at no charge for educational and informational purposes only.

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization.  We provide indicators of compromise information via a notification service (RedXray) or an analysis service (CTAC).  For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@redskyalliance.com    

Weekly Cyber Intelligence Briefings:

REDSHORTS - Weekly Cyber Intelligence Briefings

https://register.gotowebinar.com/register/5378972949933166424

[1] https://www.marinelink.com/news/cyber-threats-maritime-vessels-grow-517825
