Shipping companies preoccupied with pandemic problems are proving easy prey for cyber attackers
As the industry grapples with exceptional Covid-19-related challenges, a deeper threat is coming to the fore. At this time of crisis, more and more opportunistic hackers and cybercriminals are taking advantage of the chaos caused by the pandemic and the subsequent surge in remote operations to target shipping. And there is proof that they are succeeding.
Consultancy PwC reports email scams attempting to deliver malware or phishing links to compromise vessels and/or companies. Some of them impersonate the World Health Organisation while others use real vessel names and/or Covid-19 to impersonate actual ships and warn of infected crew and vessels through attachments infected with malware. Last week, logistics company Toll Group fell prey to a second ransomware attack this year. Toll confirmed that its systems outage was the result of the Nefilim ransomware. When Toll was struck by a ransomware attack earlier this year, it took six weeks before deliveries and core services were returned to normal operating capabilities.
Last month, Mediterranean Shipping Company reported experiencing a network outage due to a malware attack affecting its primary website and customer portal, which in turn affected online bookings for a number of days. Meanwhile, in the same month, Danish pump maker DESMI was hit by a ransomware attack that shut down its systems, including email.
On top of these confirmed cases, global cybersecurity and anti-virus software company Bitdefender has revealed that the oil and gas industry is also said to be currently fending off a major spyware campaign with highly targeted phishing attacks.
Bitdefender researchers have uncovered phishing campaigns that impersonate either a well-known Egyptian engineering contractor or a shipment company to drop the Agent Tesla spyware Trojan.
“This is not the first time the oil and gas industry [has been] targeted with similar campaigns, as some were reported in 2017 and 2019, both using similarly constructed emails and delivering spyware such as the Remcos remote access Trojan,” says Bitdefender’s senior cybersecurity analyst Liviu Arsene.
Bitdefender notes that the global evolution of cyberattacks on the energy industry has steadily increased since September 2019, with a peak in February 2020. The cyber specialist has recorded over 5,000 malicious reports from companies that operate in the energy industry. “Cybercriminals seem to have taken a keen interest in this vertical, perhaps as it has become more important and strategic after recent oil price fluctuations,” says Arsene.
According to Moshe Shlisel, chief executive and co-founder of GuardKnox, today’s increasingly-connected cargo fleets are becoming more vulnerable to cyber attacks — “a serious threat even in boom times”.
Says Shlisel: “The financial costs to business go beyond any payments lost to hackers and not covered by insurance. If a shipping company has its fleet disrupted by a cyber attack, the company will experience substantial downtime between the onset of an attack and its resolution – and for many businesses, as well as the economy, downtime can prove devastating. In some cases, paying the ransom will be cheaper than going through the necessary steps to remove the ransomware, which could take weeks.”
Sarantos Kefalas, senior manager for cyber security SME, assurance at PwC, explains that as shipping companies rightly shift their focus to employees’ well-being and dealing with new ways of operating during Covid-19, cyber security may “fall by the wayside”, potentially increasing the risk of cyber security attacks.
“Cyber criminals are cognisant of the change in priorities,” he says, “making the pandemic an attractive opportunity for them to make their way into corporate networks to steal data, money or cause disruption.”
He advises three actions that the shipping sector should take to maintain the security of its data and infrastructure. Firstly, companies should secure newly implemented remote working practices.
Many shipping companies have had to rapidly introduce new remote working tools (e.g. video conferencing, laptops, etc.) that may lack certain security controls or policies, he says. The concern once the world emerges from the pandemic is that these solutions will still be relied on, making companies more susceptible to cyber attacks due to unpatched or insecurely configured systems.
To address this, companies should: “Risk assess existing and new remote access systems to ensure critical security patches have been applied, secure configurations have been used and the solutions are resilient.” Particular attention should be paid to systems used for remotely administering and monitoring IT and OT vessel systems. Additionally, remote access solutions, e-mail and identity management systems should be configured to log all authentication events and those logs should be preserved.
Secondly, PwC advises that shipping companies should ensure the continuity of critical security functions. This is especially important where businesses have outsourced security monitoring functions to a third party. Here, PwC encourages checking that the third party has enabled its business continuity plan and has sufficient capacity and capability to achieve the agreed service-level agreement.
Where this function is performed in-house, PwC advises checks to ensure that monitoring teams have the “people, processes and technology necessary to monitor and respond to alerts affecting on-shore and vessel systems”, with consideration given to bringing in third-party resources if necessary. Continuous vulnerability scanning and updating incident response plans and continuity playbooks are also recommended.
Thirdly, shipping companies must counter opportunistic threats through a number of means. These include providing specific guidance to vessel crews to be extra vigilant when it comes to email communications relating to Covid-19 infections on specific vessels; providing specific guidance to finance teams to ensure they do not respond to email solicitations for personal or financial information, or requests to transfer funds; and providing additional phishing awareness campaigns to both onshore employees and crews.
Cyber attacks have not abated during the Covid-19 pandemic; in fact, the opposite is true, and shipping companies cannot afford to drop their guard on the cyber front at this time of crisis.