Last month maritime trend news April 12, 2023 - May 09, 2023
|
|
|
Maritime Cybersecurity News by DSLABcompany |
|
|
|
We are in a time where interconnected systems and reliance on third-party data are at an all-time high. This poses challenges to logistics entities that go far beyond internal system integrity or hacking, crossing into areas such as the potential for redirection of goods via cyber breach, cyberattacks commandeering autonomous technology, or business interruption that stems not only from attacks on organizations’ systems but on those of the interconnected supply chain partners — upstream or downstream. There are more upsides to digitalization, but there are flip-side considerations too. Partly as a consequence of greater data capabilities and digitally connected technologies, every sub-sector in the supply chain industry is potentially more vulnerable to, and more affected by, cyber risk. Event impact can be costly, disruptive, and litigious if data is involved, reducing or removing the benefits of improved efficiency and margin gained by digitalization.
|
|
|
|
In the ninth in a series of interviews ahead of Seatrade Maritime Logistics Middle East, Ben Palmer, President, Inmarsat Maritime, London, UK, spoke to Seatrade Maritime News about developments in the technology. Shipping companies are more information-hungry than ever before, citing a recent 131% increase in maritime data usage associated with business operations, a top satellite communications executive told Seatrade Maritime News. Shipping companies are more data-hungry than ever before, with the maritime industry using more data—with year-on-year demand for data more than doubling in some sectors. As this need for connectivity accelerates, so does the need for high-quality broadband to keep vessels connected wherever and whenever necessary, he said. |
|
|
This year’s Maritime CEO Forum kicked off in Singapore yesterday with a one-hour workshop sponsored by Inmarsat giving delegates a masterclass into all they need to have prepared to be cyber secure. An exclusive shipowner conference, which took place at the Fullerton Hotel during Singapore Maritime Week, listed several important things that every company should have in place now to keep its operations safe from cyber attacks. Gert-Jan Panken, vice president of sales at Inmarsat, said the industry needs to acknowledge that with increased connectivity come increased risks. “The risk is there, the threat is there, and the examples that the attacks have been happening are there as well, so we can’t ignore this and we need to act on it,” remarked Panken. He also pointed out the importance of having an up-to-date and standardised IT infrastructure, with a lot of systems onboard still using Windows XP, and even illegal copies of software. Be aware, and then act, Panken suggested: “Upgrade IT systems, make sure your plans when the cyber incident is occurring are in place so that you come prepared when something is happening.”
|
|
|
Aviation, maritime, rail and road transport organisations are experiencing increased levels of ransomware activity – as per ENISA’s recent report. In comparison to the 13 per cent jump in total UK attack figures across all sectors from 2021 to 2022, European-wide reported ransomware attacks against the transport sector rose by a massive 41pc in 2022. But why such a large rise in attacks on this specific sector? Primarily, transport sector organisations have a distinctive profile from an attacker’s perspective, making them a lucrative prospect. The transport sector also offers an extensive attack surface – transport and logistics organisations are highly dependent on supply chain integration and play a key role within the end-to-end value chain. They also use specific technical equipment like satellite communication and IoT technologies, increasing potential attack vectors leveraged by cyber criminals. JUMPSEC has observed instances where interconnected shipping organisations were breached concurrently, illustrating the scope of supply chain risks to transport and logistics organisations.
|
|
|
|
One way of compromising a vessel is through phishing emails. Phishing emails are a form of social engineering which encourage crewmembers to click on insecure links and unknowingly download harmful content onto their computer. The emails appear legitimate and links are disguised as secure and genuine. They may well be personalized to that particular crew or ship, using information derived from open sources, such as social media. Phishing emails play a key role for many types of maritime cyberattacks, which rely on placing malicious software on target computers, including ransomware attacks. Writing these emails has typically been a manual exercise. However, a newly released AI tool is changing that. ChatGPT is a novel tool developed by OpenAI with many linguistic skills, including explaining quantum physics and writing poetry on command. ChatGPT was not designed for criminals, and in fact has internal barriers to prevent it from creating malicious material when directly ordered to. However, attackers have found a way around this. AI can be a force multiplier for attackers, especially when using social engineering techniques. In particular, the AI chatbot produces persuasive phishing emails when prompted. |
|
|
|
It was also this month that Fincantieri Marinette Marine experienced a ransomware attack in the early morning of April 12, when large chunks of data on the shipyard’s network servers were rendered unusable by an unknown professional group, USNI News first reported. The Wisconsin-based shipyard currently builds the United States Navy’s Freedom-class Littoral Combat Ship, as well as the Constellation-class guided-missile frigate. Though it was not a serious cyber attack, it had apparently already caused a number of production delays across the shipyard. One issue was that the compromised data was used to feed instructions to the shipyard’s computer numerical control (CNC) manufacturing machines, resulting in devices like welders, cutters, bending machines, and other computer-controlled tools being offline for several days. |
|
|
|
Three of Canadian’s primary eastern seaports were among the targets of a cyberattack apparently staged by a pro-Russian group that has also been targeting Canada’s energy infrastructure. The ports are reporting that the attacks were limited to a “denial of service” aimed at their websites and that none of their operations or internal systems seem to be impacted by the ongoing incident. Canadian news outlet CBC News is reporting that attack began early on Wednesday, April 12, with the ports of Halifax, Montreal, and Quebec all saying that their websites had been targeted and crashed after they became overloaded in the “denial of service” attack. The ports' external sites appear to continue to be offline while CBC is now reporting that Quebec’s state-owned electricity provider Hydro-Quebec began experiencing a similar cyber assault on Thursday morning. CBC reports that a pro-Russian hacking group known as NoName057(16) posted in a Telegram chatroom claiming responsibility for the attacks. The group said it was continuing to target Canadians. |
|
|
info@dslabcompany.com
Samsung IT Harrington Tower 716, Geumcheon-Gu Digital-Ro 9 Gil, Seoul(08511) |
|
|
|
