maritime (9)

8744873880?profile=RESIZE_400xWith the recent shipping stoppage in the Suez Canal, it became very apparent the transportation vulnerabilities in areas of constricted passages.  Preliminary reports indicate mechanical and weather errors caused the grounding; or was it?  Engine failure and heavy weather have both been cited as reasons behind merchant vessel (M/V) Ever Given’s grounding in the Suez Canal.  But neither are convincing and plain old navigation errors (humans) may be at the root of the casualty, report Lloyd's of L

8693125479?profile=RESIZE_400xDigitalization in the maritime sector remains a double-edged sword, because while technology and digital tools support the supply chain significantly, these same tools have opened new vulnerabilities.  Competition in the digital arena is the reflex response from the shipping sector designed to compete at every level.  The industry, however, must relearn its reactions to develop a collaborative mind-set when developing cyber systems, particularly where cybersecurity is concerned.[1]

Increased con

8592547298?profile=RESIZE_400xFor over a year and a half, Red Sky Alliance has provided Dryad Global with weekly Vessel Impersonation Reports and Maritime Watch Lists to help the maritime community better protect against cyber intrusions.  Our friends at Dryad Global have issued their Annual Report for 2020/2021, which highlights various maritime hotspots around the globe. 

This is the link for the Annual Report: Dryad Global: Annual Report 2021

7962214498?profile=RESIZE_400xThe current US administration is signaling it will be updating the US government’s approach to its maritime cybersecurity strategy.  Cyber security priorities are being discussed to enhance and secure the US’ ability to ‘project power at sea and defend against adversarial cyberattacks.’  The plan involves a re-examination of the national approach to information sharing and better emphasizing the use of operational technologies in ports. 

Hackers at all tier levels have long targeted shipping fir

7541747475?profile=RESIZE_400xCarnival Corporation & PLC is the largest cruise line operator in the world.  In 2019, Carnival pulled in a record revenue of $20.8 billion.  Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems.  Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings,

6325083890?profile=RESIZE_400xThere is a Russian saying that rings true in protecting entities against cyber threats, “I am not concerned about all of the wolves in Siberia, I am only concerned about the wolves that are now chasing my sleigh.”  The world is full of cyber threats, hackers and state sponsored cyber terrorists who are targeting governments, businesses, and organizations.  The way Red Sky Alliance can help the maritime industry and its supply chain is to focus on the cyber threats directly targeting a specific o

3724012340?profile=RESIZE_710xChina Coverage of Report on the Cyber Vulnerabilities of Asian Ports

SUMMARY

Nanyang Technological University in Singapore has just released a report examining the economic losses expected if Asian port systems, including several in China, were subjected to a major cyber-attack.  This report did not assess the cyber vulnerabilities of Asian ports but rather postulated a major attack in order to calculate economic impact, with a focus on losses in the insurance industry.  The report concluded tha

Figure 1. AS-12/AS-31 Losharik tentative schema.

On 1 July 2019, fourteen Russian sailors died in a fire during the testing of a secret Russian military submarine.   The type of vessel is believed to be an AS-12/AS-31 “Losharik” deep-diving nuclear sub.  While the Russian government insists, they were just surveying the ocean floor for science, the high military ranks of the participating sailors show that the spy capabilities to include taping and severing undersea communication cables are the p

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg.  Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).

2539548681?profile=RESIZE_710x

Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot.  Wapack Labs detected communications of these samples to known and new Lokibot C2s:

  • kbfvzoboss[.]bid/alien/fre.php
  • carlos-tevez[.]gq/raphael/fre.php
  • uenajrkja[.]ml/ch