maritime (50)

Red Sky Alliance performs queries of our backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.  Using the Motor Vessel (MV) or Motor Tanker (MT) keywords in an email subject line is a common lure to entice users in the maritime industry to open emails containing malicious attachments.  Red Sky Alliance is providing this list of Motor Vessels in which Red Sky Alliance directly observed the vessel being impersonated, with assoc

Warnings have been issued for years.  The techniques were simple enough: penetrate the platform through the onboard navigation system and then go horizontally across the onboard networks to gain control of key systems such as steering and the throttle.  The hackers did exactly this and surprisingly without foreknowledge of the specific systems they were to hack prior to beginning the penetration.  They were in and through the navigation interface in a remarkably short time and had control of bot

The recent shipping stoppage in the Suez Canal made very apparent the transportation vulnerabilities in areas of constricted passages.  Preliminary reports indicate mechanical and weather errors caused the grounding; or was it?  Engine failure and heavy weather have both been cited as reasons behind merchant vessel (M/V) Ever Given’s grounding in the Suez Canal.  But neither is convincing, and plain old navigation errors (humans) may be at the root of the casualty, report Lloyd's of L

Digitalization in the maritime sector remains a double-edged sword, because while technology and digital tools support the supply chain significantly, these same tools have opened new vulnerabilities.  Competition in the digital arena is the reflex response from the shipping sector designed to compete at every level.  The industry, however, must relearn its reactions to develop a collaborative mind-set when developing cyber systems, particularly where cybersecurity is concerned.[1]

Increased con

For over a year and a half, Red Sky Alliance has provided Dryad Global with weekly Vessel Impersonation Reports and Maritime Watch Lists to help the maritime community better protect against cyber intrusions.  Our friends at Dryad Global have issued their Annual Report for 2020/2021, which highlights various maritime hotspots around the globe.

This is the link for the Annual Report: Dryad Global: Annual Report 2021

The current US administration is signaling it will be updating the US government’s approach to its maritime cybersecurity strategy.  Cyber security priorities are being discussed to enhance and secure the US’ ability to ‘project power at sea and defend against adversarial cyberattacks.’  The plan involves a re-examination of the national approach to information sharing and better emphasizing the use of operational technologies in ports.

Hackers at all tier levels have long targeted shipping fir

Carnival Corporation & PLC is the largest cruise line operator in the world.  In 2019, Carnival pulled in a record revenue of $20.8 billion.  Even with the troubles of 2020, this makes them a significant target for attackers looking to earn a profit. On 15 August 2020, Carnival Corp & PLC detected a ransomware attack that encrypted a portion of one brand’s IT systems.  Attackers not only encrypted the data, but also downloaded certain files indicating some data was stolen. In their SEC filings,

There is a Russian saying that rings true in protecting entities against cyber threats, “I am not concerned about all of the wolves in Siberia, I am only concerned about the wolves that are now chasing my sleigh.”  The world is full of cyber threats, hackers and state sponsored cyber terrorists who are targeting governments, businesses, and organizations.  The way Red Sky Alliance can help the maritime industry and its supply chain is to focus on the cyber threats directly targeting a specific o

China Coverage of Report on the Cyber Vulnerabilities of Asian Ports

SUMMARY

Nanyang Technological University in Singapore has just released a report examining the economic losses expected if Asian port systems, including several in China, were subjected to a major cyber-attack.  This report did not assess the cyber vulnerabilities of Asian ports but rather postulated a major attack in order to calculate economic impact, with a focus on losses in the insurance industry.  The report concluded tha

On 7-9 May 2019, Wapack Labs detected an increase in malicious emails with the spoofed sender field accounts@hhhmarine.com.sg.  Hackers deliver malicious attachments under the pretense of an incoming SWIFT transfer (Figure 1).


Figure 1. Email text spoofing HHH Marine Services on 8 May 2019.

The attackers use the popular malware Lokibot.  Wapack Labs detected communications of these samples to known and new Lokibot C2s:

  • kbfvzoboss[.]bid/alien/fre.php
  • carlos-tevez[.]gq/raphael/fre.php
  • uenajrkja[.]ml/ch