CyberKeel is a cybersecurity company founded in 2014 that primarily focuses on helping businesses in the maritime sector. Despite its brief existence, it has already seen its fair share of cybercrime. The company recently investigated the email activity of one of its customers, a medium-sized shipping firm, and made an unnerving discovery. The client’s computer systems had been infiltrated by a small virus that was monitoring all emails to and from staff in the firm’s finance department. When one of the shipping firm’s fuel suppliers sent an email requesting payment, the virus simply changed the message’s text before it was read, adding a different bank account number to which the money should be sent. Millions of dollars were transferred to the cybercriminals before the shipping firm realized what was happening.
This particular client of CyberKeel turned out to be one of the many victims claimed by the NotPetya cyberattack. This form of malware hit several shipping firms, including maritime giant Maersk, which was affected so badly that the company lost up to $300 million and had to shut down port terminals managed by its subsidiaries, such as APM. The NotPetya cyberattack is one of the most striking demonstrations that no industry is immune to these kinds of crimes, and of why even shipping firms need to protect themselves better against cybercriminals.
Since its founding, CyberKeel has offered investigative security tests to shipping companies, but it did not initially receive the reception from these businesses that it had hoped for. The first firms CyberKeel approached considered its services a waste of time and insisted their systems were safe enough. That tone has changed in the wake of the NotPetya attack, and many businesses in the shipping industry have become very aware of how susceptible their systems truly are to cyberattacks.
As expected, gaining access to a shipping firm’s systems enables cybercriminals to reach sensitive information. Even a shipping firm’s vessels are vulnerable to targeting, since many are becoming increasingly computerized. The industry’s lack of cybersecurity protocols has led to some glaring vulnerabilities that hackers can exploit. Malware like NotPetya, for example, is often designed to spread across a network’s computers, meaning connected devices onboard ships are potentially vulnerable to being infiltrated. For ships in particular, cybercriminals will primarily target the switchboard, which manages the vessel’s power supply, propeller, and other machinery.
One incident of this kind took place in Asia, where a vessel’s systems were breached and the vessel was rendered inoperable for some time afterwards. Many widely used navigation systems, like the Electronic Chart Display and Information System (Ecdis), are especially vulnerable to cyberattacks. Another incident, at an Asian port, involved an 80,000-ton tanker: a crew member brought a USB stick onboard containing paperwork that needed to be printed. Unknown to the crew member, the USB stick carried malware that spread a virus throughout the ship’s computer system. Another crew member realized what was happening while updating the ship’s charts (also via USB stick), which delayed the vessel’s departure and prompted an investigation.
Because maritime shipping businesses have taken cybersecurity for granted, most Ecdis systems on these vessels never had anti-virus software installed. Although these incidents are very disruptive to maritime businesses, the most catastrophic scenarios might involve hackers attempting to sabotage or even destroy a ship itself through targeted manipulation of its systems. Simply put, it is entirely possible for cybercriminals to sabotage a vessel’s systems enough to facilitate a physical collision.
Cybersecurity experts are finding ways to remotely access these computerized systems, with one researcher even using an app called Ship Tracker to find an open satellite communication system onboard shipping vessels. The VSat had default credentials, providing easy access and leading the researcher to believe the ship’s software would be incredibly easy to manipulate. Attacks of this nature could even alter the coordinates being broadcast, potentially allowing someone to spoof a ship’s position. Having said that, it’s worth noting that industry experts pointed out spoofed locations could be quickly spotted by maritime observers, and have been in the past.
While there’s a lot of work to be done on cybersecurity in the maritime shipping sector, awareness is growing rapidly among businesses in the industry. The Baltic and International Maritime Council (BIMCO) and the International Maritime Organization (IMO) recently introduced guidelines that aim to help ship owners protect themselves from cybercriminals. Crews with a tenuous understanding of these risks should be educated on how malware can spread, since a simple USB device is all that’s needed. This is all the more important because vessel crew members change frequently, as many eventually leave or are reassigned.