A maritime VSAT (Very Small Aperture Terminal) is a two-way satellite internet terminal which receives and transmits real-time data via satellites. It is vital for many vessels to maintain a high-speed, reliable connection while offshore. In addition to the importance of connectivity for operations, it also serves a key crew welfare role. However, VSAT also presents cyber threats to vessels, due to the value of the data they transmit and their role as attack vectors for other technology on board.
VSATs are targeted by attackers because they provide access to other vessel infrastructure, and they are also a target in themselves. VSATs provide access to information technology (IT) and operational technology (OT) layers on a vessel, which are closely intertwined, making them a significant attack vector.[1]
Cyber-attacks on vessels can be executed by discovering and exploiting vulnerabilities in a sequential manner through the VSAT connection. An attacker may first penetrate telecom equipment and take control of the IT segment. Next, they may find problems in segmentation and access the OT layer, and finally, they could control OT equipment. Access to the OT onboard a vessel could provide attackers with internal information, potentially making pirate attacks easier. Pirates can thus cause havoc in the supply chain and affect commodity prices.
Attackers may also be able to arbitrarily intercept and modify Transmission Control Protocol sessions under certain network configurations, enabling man-in-the-middle and denial of service attacks against vessels at sea. Any such attacks may disrupt vessels’ trips and delay delivery of essential commodities.
As well as providing a way into more severe attacks, VSAT connections themselves contain desirable data, which may be targeted for theft. In fact, researchers have been able to intercept unencrypted sensitive data from maritime VSAT telecommunications using simple equipment, and attackers could steal this data too. Attacks may range from the interception and alteration of navigational charts to theft of passport and credit card details.
VSATs may be attacked in numerous ways like; via insecure passwords, open ports and un-updated firmware. Regarding passwords, hackers check if standard passwords are used on VSAT antennas and if they are not, they may apply “brute force” techniques to penetrate them instead. Another way inside is through open ports in telecom equipment. Hackers search for open ports in telecom equipment, in order to penetrate the vessel’s IT network, subsequently also leading them to the OT network. And finally, hackers may try to exploit known vulnerabilities in un-updated firmware of communication equipment, in order to gain access.
Considering the multiple ways in which VSATs could be impacted, there are also multiple ways to help mitigate against attacks. Cybersecurity policies and procedures are an important start to ensure good cyber hygiene throughout companies. In addition, VSAT scanners improve cyber security discipline with constant checks, and they protect against 90 percent of attacks in this way. Finally, it is suggested to introduce intrusion detection systems and endpoints onto the vessel, in order to protect against insider attacks and improve OT protection.
This article is presented at no charge for educational and informational purposes only.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments, or assistance, please get in touch with the office directly at 1-844-492-7225, or feedback@redskyalliance.com
Weekly Cyber Intelligence Briefings:
- Reporting: https://www.redskyalliance.org/
- Website: https://www.redskyalliance.com/
- LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/5504229295967742989
[1] https://maritime-executive.com/editorials/vsat-connectivity-comes-with-cybersecurity-threats-to-vessels
Comments