By Nettitude
On Wednesday the 11th of March 2020, the Director General of the World Health Organisation (WHO) officially used the term ‘pandemic’ to describe the COVID-19 outbreak, causing many countries to shut their borders, lockdowns to be put in place across a third of the world, and economic activity to begin to slow. Whilst the impact on the shipping industry was only marginal to begin with, China is a major player within the global shipping sector and a key partner for many countries' maritime activity. This meant that the world quickly began to feel the effects of COVID-19 before it had even spread beyond the confines of China. As the virus progressed on a global scale, the threat level quickly escalated in many countries, and as a result, the cruise and shipping industries began to feel the full force of COVID-19.
With the Marine and Offshore industries being hit by what seemed to be a tidal wave of setbacks, this sector has become a flashing beacon of vulnerability to the cyber-criminal community. With operations already significantly impacted and staff on the brink of maximum capacity, businesses within the Marine and Offshore sectors are struggling to stay afloat. With this added stress, it becomes easy to take your eye off the ball when it comes to cyber-security, a fact that cyber-criminals are all too quick to recognise. So, what are the main cyber-threats the Marine and Offshore sectors are currently facing? In this blog post, we’ll take a look at some of the top cyber-threats to these sectors, giving M&O businesses a heads-up on where they most need to keep their guard up during the pandemic.
Phishing Attacks Using COVID-19 Communications
A phishing attack is an email sent with malicious payloads or links; it can be targeted at specific individuals or sent to many people en masse. Phishing remains the preferred attack method for gaining access to organisations and data, so it’s important to ensure your organisation is effectively protected. We have recently observed several phishing campaigns of different levels of sophistication, specifically targeting maritime organisations.
One of the most basic types of phishing campaign aims to obtain valid credentials for an online service or portal. These often take the form of an email with a link disguised to look like the legitimate service, and an enticement (usually time pressure) to get the user to click it. We are seeing a lot of these emails at the moment, with malicious parties using COVID-19 related communications to capture people’s attention: statistics show that over 80% of recent email-based threats are part of COVID-19 communications. One specific research activity has found that over 500,000 messages, 300,000 malicious URLs and 200,000 malicious attachments with COVID-19 themes were sent since late January. Below, an example can be seen of one malicious email thread which has been circulating through the network of global shipping giant Maersk.
More info on this can be found in our latest COVID-19 Threat Intelligence Summary.
Whilst the level of sophistication of this type of attack is relatively low, the likelihood of it happening is high, as all it takes is a simple website host insecurity or a missed plug-in update.
What’s more, the consequences of this type of attack are high: a successful attack would give the perpetrator access to your accounts on the service they are targeting. They would then be able to access potentially sensitive information, or impersonate your company to carry out further attacks on others.
Physical Infiltrations
Physical infiltration occurs when physical devices are inserted or existing hardware is tampered with to implant malicious code or rogue communications/tapping systems. Smugglers are among the most common malicious actors carrying out this type of attack; they often try to gain information about a shipping operation in order to intercept assets and plant illegal items such as drugs within the cargo.
However, the risk of this class of attack can be reduced by strengthening physical security controls. These controls should be assessed in relation to the requirements of the facility, but might include access cards, alarms and CCTV. Computer networks should restrict access to trusted devices only and be segmented to prevent access to sensitive systems from locations where that access is not required. For example, an office environment where staff and visitors may connect devices should not be able to connect directly to databases or servers. Additionally, security monitoring should include checks for unauthorised devices and rogue Wi-Fi access points.
Modern Piracy in the Time of COVID-19 Pandemic
Piracy involves hacking techniques used to locate vessels and containers of value or interest to pirates. To help prevent this type of attack, it is essential to invest in the right security infrastructure and take the time to create an ongoing maintenance plan. In terms of keeping your infrastructure up to date, it’s important to ensure that the software systems in use are kept patched with up-to-date versions.
It’s also vital to ensure custom developments follow best security practices and undergo sufficient security testing before deployment.
Visit our Security and Network Solutions page to find out how Nettitude can help with this.
ECDIS Malware
ECDIS malware attacks happen when Electronic Chart Display and Information Systems (ECDIS) are targeted with malware, as they provide a key platform from which to both gain information and inform further aspects of an attack.
Whilst USB devices remain a large hazard in this type of attack, some statistics indicate that USB distribution has become less common as an infection vector for malware. One reason for this could be that the usage of USB devices has decreased. However, there are still malware families that spread this way, and there are many cases where computers infected with ‘old’ malware families continue to spread them when users connect USB devices. To ensure ECDIS integrity, it’s important that machines used to download updates have up-to-date antivirus software installed, and that memory sticks and other computing devices used for critical ship components are dedicated to the task and not also used on other machines.
GPS Jamming and Spoofing
The jamming of signals is designed to cause maximum disruption by hiding the movement of assets or by disrupting the ability to track shipping. While GPS jamming is obviously disruptive, spoofing GPS signals so a vessel appears to be in an incorrect location could be significantly more damaging as it is potentially much harder to detect.
With advances in Software Defined Radio (SDR) equipment, spoofing GPS signals has become possible with relatively cheap hardware. Using a HackRF SDR, which retails for around $300, and the open-source project gps-sdr-sim, it is possible to simulate GPS baseband signal data streams and broadcast them to nearby receivers. This has been demonstrated by several different groups, with goals ranging from bypassing UAV exclusion zones to cheating at Pokemon Go!
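An added example, not part of the original post: because a spoofed position can look like a healthy fix, one basic plausibility check is to compute the speed a vessel would need to travel between consecutive fixes and flag anything beyond what the ship can do. The 30-knot ceiling, the function names and the NMEA sample sentences are assumptions constructed for illustration.

```python
import math
from datetime import datetime, timezone
from functools import reduce

MAX_KNOTS = 30.0  # assumed speed ceiling for the vessel; tune per ship

def checksum(body):  # NMEA checksum: XOR of every character between '$' and '*'
    return "%02X" % reduce(lambda acc, ch: acc ^ ord(ch), body, 0)

def parse_rmc(sentence):
    """Return (utc_time, lat, lon) for a valid, active RMC sentence, else None."""
    body, sep, cs = sentence.strip().lstrip("$").partition("*")
    f = body.split(",")
    if not sep or cs.upper() != checksum(body) or len(f) < 10 or f[0][2:] != "RMC" or f[2] != "A":
        return None
    def deg(value, hemi, width):  # ddmm.mmm -> signed decimal degrees
        d = float(value[:width]) + float(value[width:]) / 60.0
        return -d if hemi in ("S", "W") else d
    t = datetime.strptime(f[9] + f[1][:6], "%d%m%y%H%M%S").replace(tzinfo=timezone.utc)
    return t, deg(f[3], f[4], 2), deg(f[5], f[6], 3)

def nm_between(a, b):
    """Great-circle (haversine) distance in nautical miles."""
    la1, lo1, la2, lo2 = map(math.radians, (*a, *b))
    h = math.sin((la2 - la1) / 2) ** 2 + math.cos(la1) * math.cos(la2) * math.sin((lo2 - lo1) / 2) ** 2
    return 2 * 3440.065 * math.asin(math.sqrt(h))

def implausible_jumps(sentences, max_knots=MAX_KNOTS):
    """Return (time, implied_knots) for fixes that would need an impossible speed."""
    alerts, trusted = [], None
    for fix in filter(None, map(parse_rmc, sentences)):
        if trusted:
            hours = (fix[0] - trusted[0]).total_seconds() / 3600
            knots = nm_between(trusted[1:], fix[1:]) / hours if hours > 0 else 0.0
            if knots > max_knots:
                alerts.append((fix[0], round(knots)))
                continue  # keep the last trusted fix as the baseline
        trusted = fix
    return alerts

def nmea(body):  # builds the constructed sample sentences below
    return "$%s*%s" % (body, checksum(body))

SAMPLE = [  # constructed fixes one minute apart; the third jumps roughly 48 nm
    nmea("GPRMC,120000,A,5130.000,N,00130.000,E,12.0,090.0,110320,,"),
    nmea("GPRMC,120100,A,5130.000,N,00130.320,E,12.0,090.0,110320,,"),
    nmea("GPRMC,120200,A,5200.000,N,00230.000,E,12.0,090.0,110320,,"),
    nmea("GPRMC,120300,A,5130.000,N,00130.960,E,12.0,090.0,110320,,"),
]
```

This catches abrupt position jumps only; a spoofer that drifts the position slowly stays under the speed ceiling, so the result should be cross-checked against independent sources such as radar, depth soundings or inertial navigation.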
Overall, the above five types of cyber-attack are part of a growing series of threats that the Marine and Offshore sectors face. There’s no doubt that the current COVID-19 situation has placed an increasing amount of strain on this sector, and as such we must be continually mindful of the preventative measures that can be taken to reduce businesses' threat landscape. For more information on the effects of the recent pandemic on cybersecurity, please download our latest Threat Intelligence Summary.
This blog post is based on a Nettitude Research and Innovation Report on Threat case studies. For the full list of cyber-threats to the M&O sector, alongside relevant real-world examples, please download the accompanying report here.