While many critical infrastructure segments such as oil pipelines, offshore refineries, utility companies, and water treatment plants were registering a spike in cyberattacks, the number of background attacks on shipping companies and assets quietly rose to an all-time high yesterday. When analyzed in the context of growing attacks on global supply chains, this does present many reasons for cybersecurity planners to not just worry about securing their assets but also act to improve cybersecurity across the Maritime industry.
After almost two quarters of decline, cyberattacks on maritime assets started rising in February this year. The rise was not steep; instead, the volume kept climbing until it touched an all-time high of 1,09,333 as of noon yesterday.
One of the attacks isolated by Sectrio’s researchers involves the use of info stealers. The sequence of events is triggered by a phishing mail that invites the user to download ‘clearance certificates’ from various multilateral agencies for port operations. The document, hosted on shady websites, does indeed contain a fake certificate. On preview, it shows the viewer a portion of the document that looks authentic. When downloaded, the document asks the user to enable parts of the content that relate to malicious macros.
The macros then start assembling multiple payloads from various sources on the web. Once the final payload is assembled on the victim system, the payloads start executing and mopping up all kinds of information from the infected machine in addition to using the machine as part of a wider botnet.
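A defender-side check for the delivery stage described above, as an added example that is not from Sectrio's post: a Python triage function that a mail gateway or analyst could run over attachments to flag Office files carrying a VBA macro project. The lure keywords, function names and sample files are assumptions constructed for illustration.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container
LURE_WORDS = ("clearance", "certificate")        # assumed from the lure described above


def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one mail attachment; empty list means nothing flagged."""
    findings = []
    name = filename.lower()
    if any(w in name for w in LURE_WORDS):
        findings.append("lure-keyword-in-name")
    if data.startswith(OLE2_MAGIC):
        # Legacy binary Office files can embed VBA; send to a deeper scanner.
        findings.append("legacy-ole-container")
        return findings
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        members = [m.lower() for m in z.namelist()]
    if any(m.endswith("vbaproject.bin") for m in members):
        findings.append("vba-macro-project")
        if name.endswith((".docx", ".xlsx", ".pptx")):
            # Macro-free extension carrying a VBA project: name does not match content.
            findings.append("extension-content-mismatch")
    return findings


def _make_ooxml(with_macro: bool) -> bytes:
    """Build a constructed, minimal OOXML-like ZIP for the demo (not a real document)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    samples = {  # constructed sample attachments
        "Port_Clearance_Certificate.docm": _make_ooxml(True),
        "Port_Clearance_Certificate.docx": _make_ooxml(True),
        "crew_roster.docx": _make_ooxml(False),
        "clearance.doc": OLE2_MAGIC + b"\x00" * 504,
    }
    for fname, blob in samples.items():
        print(f"{fname}: {triage_attachment(fname, blob) or 'clean'}")
```

A hit means the file should be quarantined or passed to a full macro analyzer; an empty result only says that none of these structural checks fired.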
Top 5 reasons why the Maritime sector is being attacked
- With global sea commerce rising, hackers feel shipping companies may be easy targets when it comes to paying a ransom
- Many of the systems across OT and IoT have not been patched since 2020 or even earlier; this has given bad actors a chance to access networks and resources using security gaps that have emerged since
- Bad actors may be trying to disrupt global supply chains to push the prices of commodities even higher
- Some of these attacks could be motivated by geopolitical factors
- Some of the major ports are also key target cities for APT groups and other sophisticated hackers
Top 5 impacts
- Hackers are targeting navigation systems and this could cause a major accident on the high seas or even when the ships are returning to their ports
- Delay in economic recovery if some of these attacks succeed
- Loss of commodities could lead to a rise in prices
- Supply chain attacks could create challenges downstream as a delay in the arrival of input components may cause an escalation of costs or a temporary shutdown of production lines
- An ecological disaster could potentially result from a successful cyberattack on a shipping vessel
So how can Maritime companies defend themselves against such attacks?
Sectrio’s cybersecurity solutions and threat intelligence can help maritime companies operate with adequate levels of security by detecting threats and risks early and mitigating them. We are among the few companies with a solution deployed on ships and onshore maritime infrastructure.