Cybercriminals are infiltrating the maritime sector, carrying out a growing number of attacks not only on shipping systems but also on vessels.
Last week, tug owners were warned to be vigilant for cyberattacks and malware, after a US tug was targeted. The attack was carried out through a phishing email with a voicemail-themed attachment, spoofing the tug’s operator.
The incident, the first one to ever involve a tug, was reported to the US Maritime Transportation System and Information Sharing and Research Analysis Centre (MTS-ISAC), a maritime cybersecurity organisation.
As towage vessels rely more on online services to function properly, their vulnerability to cyber threats increases. But what can operators of towage vessels (and of the wider maritime industry) do to shield themselves from attacks?
The tugboat incident and the industry-wide ramifications
According to Nozomi Networks co-founder Andrea Carcano, what happened in the US must be seen as a warning.
“It’s a reminder that threat actors are lurking,” he explains. “As our global pandemic forces more remote work scenarios and as maritime organizations modernise and embrace digitalisation, they must take steps to prevent and defend against cyber threats.”
According to the recent Maritime Cybersecurity Survey conducted by Safety at Sea and BIMCO, in the 12 months prior to February 2020, 31% of organisations fell victim to cyberattacks – a 9% increase compared to 2019.
In the last three years, attacks on the maritime industry’s operational technology (OT) reached concerning levels. Robert Rizika, head of North American operations at Naval Dome, reported that cyberattacks on OT have increased by 900% – from 50 in 2017, to 120 and 310 in 2018 and 2019 respectively.
Towage vessels have also become important targets because of their part in the supply chain.
“Tug operations are critical to guiding in massive cargo ships into ports,” says KnowBe4 security awareness advocate James McQuiggan. “If the tug operations, the boats or infrastructure were to be infiltrated or hit with a ransomware attack, it would cripple the port, which can then impact the supply chain for the many organizations that rely on this transportation for their goods.”
Jamie Akhtar, CEO and co-founder at London-based cybersecurity firm CyberSmart, believes that the alert was a sign that the industry is taking cybersecurity seriously.
“With such interconnected operations, one breach within one company in a supply chain can have serious knock-on effects for the other suppliers or organisations they work with,” says Akhtar.
“Issuing these kinds of widespread alerts is a good step towards maintaining awareness.”
How to protect yourself from cyberattacks
Cyberattacks such as phishing emails, explains Akhtar, are becoming more sophisticated in the way they pose as legitimate sources.
“Equipping employees with the skills they need to prevent breaches is absolutely essential for businesses today, particularly as they transition into a work environment that is increasingly online,” he says.
One way to recognise phishing, adds Akhtar, is to look out for spelling and grammatical errors, as well as eager messaging, pop-ups and unsafe links.
“[Employees] should also look carefully at who the email is from. Phishing attempts often use the name of someone they know (a colleague or friend, for example) but with the wrong domain address.”
To train employees, McQuiggan says it’s essential for companies to “work with an organization to implement a security awareness training program to ensure that employees can make smarter security decisions to protect their equipment from various attacks.”
Carcano also believes that companies working in the sector should provide both protection for email attachments and authentication mechanisms to minimise the risk of stolen identities.
“Finally, be sure to have a robust security process and response plan in place to quickly find, contain and sanitize incidents as soon as possible should they happen,” he says.
“Technology is available to give asset owners the insight they need into their devices, connections, and communications. With the right technology and a focus on best practices, maritime organizations can increase operational resiliency.”
What does the future hold?
All three experts believe that the number of cyberattacks is likely to increase.
“Our research team’s own analysis of ransomware and other cyber threats has observed a steep rise in threats targeting operation and critical infrastructure,” explains Carcano.
According to Akhtar, the increase can be directly linked to the ongoing Covid-19 pandemic. “Cybercriminals are opportunistic and we have seen a rise in breaches since the pandemic because they know most industries are directing their attention to keeping business operations afloat rather than investing in security,” he explains.
“Until organisations begin to take preventative measures and establish strong cyber hygiene practices, we will most certainly see more attacks like these.”