ZDNet Reports that Maritime industry needs to focus more on securing shore-based systems and stop prioritizing the less likely ship-based attacks.
With today’s news that French shipping giant CMA CGM has been hit by a ransomware attack, this now means that all of the four biggest maritime shipping companies in the world have been hit by cyber-attacks in the past four years, since 2017.
Previous incidents included:
On top of these, we also have CMA CGM, which today took down its worldwide shipping container booking system after its Chinese branches in Shanghai, Shenzhen, and Guangzhou were hit by the Ragnar Locker ransomware.
This marks for a unique case study, as there is no other industry sector where the Big Four have suffered major cyber-attacks one after the other like this.
But while all these incidents are different, they show a preferential targeting of the maritime shipping industry.
“I’m not so sure it’s that they’re any more or less vulnerable than other industries,” said Ken Munro, a security researcher at Pen Test Partners, a UK cyber-security company that conducts penetration testing for the maritime sector.
“It’s that they are brutally exposed to the impact of ransomware.
“After Maersk was hit by the NotPetya crytper, I believe criminals realized the opportunity to bring a critical industry down, so payment of a ransom was perhaps more likely than other industries,” Munro said.
Over the past year, incidents where malware landed on ships have intensified. This included sightings of ransomware, USB malware, and worms; all spotted aboard a ship’s IT systems.
But Munro points out that it’s not the ships that are usually getting attacked in the major incidents.
Sure, malware may land on a ship’s internal IT network once in a while, but the incidents where malware gangs have done the most damage were the attacks that targeted shore-based systems that sit in offices, business offices, and data centers.
These are the systems that manage personnel, receive emails, manage ships, and are used to book container transports. There is nothing particularly different from these systems compared to any other IT systems sitting inside other industry verticals.
“That said, if you can’t book a container, there’s no point in having the ship,” Munro added.
For all intents and purposes, it appears that despite efforts to protect ships from external hacking, the maritime industry has failed to treat its shore-based systems with the same level of attention.
While the rare ship hacking incidents are the ones that usually grab headlines, it’s the attacks on a shipping company’s shore-based systems that are more common these days, and especially the attacks on their container booking applications.
These systems have often been hacked by sea pirate groups looking for ship manifests, container ID numbers, and ship sea routes so they can organize attacks, board ships, and steal containers transporting high-value goods like electronics and jewelry [1, 2, 3, 4].
These waves of “cyber pirates,” as these groups have been often named, along with the recent attacks on the Big Four shipping giants, are a clear sign that the shipping industry needs to stop prioritizing the less likely ship hacking scenarios and focus more on its shore-based systems, at least, for the time being.