Maritime Industry Targeted By Cybercriminals
In a recent information letter to the maritime sector, the Norwegian National Security Authority (NSM) advises of an increase in the number of cyber campaigns targeting several different sectors since June 2019 and states that both the maritime sector and the oil and gas sector have been victims of such targeted attacks.
To date, the campaigns have used social engineering techniques in e-mails and in personal messages through social media, primarily LinkedIn but also WhatsApp and Facebook Messenger, to:
• install malware on the user’s computer;
• gather information about the user, their employer or other users connected to them; and
• further spread the campaigns.
While the scope of these campaigns and the subsequent incidents are reportedly global, “companies in the United States of America, Europe, and the Middle East have been the main targets”, says the NSM. It also establishes that the threat actors have demonstrated high ability and capacity to conduct their operations.
Based on the current situation and the risks found, the NSM advises companies and organisations to be prepared for attempts at cyber activity with malicious intent in the short to medium term. It also states that both obvious and less obvious companies may be affected, which means all types of ships as well as shipowners’ land-based infrastructure can be vulnerable to cyber incidents. In a statement of 19 August 2019, the Norwegian Maritime Authority (NMA) further emphasizes that: “Especially shipowners that operate in ISPS/MARSEC level two areas or higher should be aware of the situation.”
Although the NSM’s information letter is directed at Norwegian companies, we advise all ship operators and companies with responsibility for infrastructure onboard ships to continuously monitor and review digital security and to follow the recommendations made, including:
• Make sure networks are segmented. There should be no physical connection between administrative and operative parts of the network.
• Log activity at all endpoints and in the network. The NSM recommends keeping logs for at least six months.
• Use encrypted communication where possible, also between ships and land-based infrastructure. Manipulation of communication can easily be done if it is not encrypted.
• Restrict access to information and systems in accordance with people’s position and role. Restriction of access will in most cases limit the consequences after an incident.
Among the recommended counter-measures, the importance of carrying out cyber security awareness training is highlighted. All ‘users’, including seafarers, shore staff and other relevant personnel, should:
• Be aware of, and be critical of, emails with links or attachments.
• If there are any doubts whether an attachment or a link is safe to open, assess whether it is necessary to open it at all. Report suspicious emails or messages that relate to the company to your employer.
• Be careful with documents that suggest enabling macros in Word, Excel or PowerPoint.
In social media:
• Report suspicious messages received through social media, in particular if they can be connected to your employment or the company in general.
• Establish and maintain contact only with people whose identity can be verified.
• Be very critical of messages with links and attachments in social media; this is the new target arena.
• Expect that everyone can see all information shared on social media about work and your private life.
• Do not publish work-related i