Hackers Target The Shipping Industry

When staff at CyberKeel investigated email activity at a medium-sized shipping firm, they made a shocking discovery.

"Someone had hacked into the systems of the company and planted a small virus," explains co-founder Lars Jensen. "They would then monitor all emails to and from people in the finance department."

Whenever one of the firm's fuel suppliers would send an email asking for payment, the virus simply changed the text of the message before it was read, adding a different bank account number.

"Several million dollars," says Mr Jensen, were transferred to the hackers before the company cottoned on.

After the NotPetya cyber-attack in June, major firms including shipping giant Maersk were badly affected. In fact, Maersk revealed recently that the incident could cost it as much as $300 million (£155 million) in profits.

But Mr Jensen has long believed that the shipping industry needs to protect itself better against hackers; the fraud case dealt with by CyberKeel was just another example.

The firm was launched more than three years ago after Mr Jensen teamed up with business partner Morten Schenk, a former lieutenant in the Danish military who Jensen describes as "one of those guys who could hack almost anything".

They wanted to offer penetration testing - investigative tests of security - to shipping companies. The initial response they got, however, was far from rosy.

"I got pretty consistent feedback from people I spoke to and that was, 'Don't waste your time, we're pretty safe, there's no need'," he recalls.

Today, that sentiment is becoming rarer. The consequences of suffering from the NotPetya cyber-attack for Maersk included the shutting down of some port terminals managed by its subsidiary APM.

The industry is now painfully aware that physical shipping operations are vulnerable to digital disruption.

Breaking into a shipping firm's computer systems can allow attackers to access sensitive information. One of the most serious cases that has been made public concerns a global shipping conglomerate that was hacked by pirates. They wanted to find out which vessels were transporting the particular cargo they planned to seize. 

A report on the case by the cybersecurity team at telecoms company Verizon describes the precision of the operation.

"They'd board a vessel, locate by barcode specific sought-after crates containing valuables, steal the contents of that crate - and that crate only - and then depart the vessel without further incident," it states.

But ships themselves, increasingly computerised, are vulnerable too. And for many, that's the greatest worry. Malware, including NotPetya and many other strains, is often designed to spread from computer to computer on a network. That means that connected devices on board ships are also potentially vulnerable.

"We know a cargo container, for example, where the switchboard shut down after ransomware found its way on the vessel," says Patrick Rossi at consultancy DNV GL.

He explains that the switchboard manages power supply to the propeller and other machinery on board. The ship in question, moored at a port in Asia, was rendered inoperable for some time, adds Mr Rossi.

Seizing the Controls

Crucial navigation systems such as the Electronic Chart Display (Ecdis) have also been hit. One such incident is recalled by Brendan Saunders, maritime technical lead at cyber-security firm NCC Group. This also concerned a ship at an Asian port, but this time it was a large tanker weighing 80,000 tonnes.

One of the crew had brought a USB stick on board with some paperwork that needed to be printed. That was how the malware got into the ship's computers in the first instance. But it was when a second crew member went to update the ship's charts before sailing, also via USB, that the navigation systems were infected. Departure was consequently delayed and an investigation launched.

"Ecdis systems pretty much never have anti-virus," says Mr Saunders, pointing out the vulnerability. "I don't think I've ever encountered a merchant ship Ecdis unit that had anti-virus on it."

These incidents are hugely disruptive to maritime businesses, but truly catastrophic scenarios might involve a hacker attempting to sabotage or even destroy a ship itself, through targeted manipulation of its systems.

Could that happen? Could, for example, a determined and well-resourced attacker alter a vessel's systems to provoke a collision?

"It's perfectly feasible," says Mr Saunders. "We've demonstrated proof-of-concept that that could happen."

And the experts are finding new ways into ships' systems remotely. One independent cyber-security researcher, who goes by the pseudonym of x0rz, recently used an app called Ship Tracker to find open satellite communication systems, VSat, on board vessels.

In x0rz's case, the VSat on an actual ship in South American waters had default credentials - the username "admin" and password "1234" - and so was easy to access. It would be possible, x0rz believes, to change the software on the VSat to manipulate it.

A targeted attack could even alter the co-ordinates broadcast by the system, potentially allowing someone to spoof the position of the ship - although shipping industry experts have pointed out in the past that a spoofed location would likely be quickly spotted by maritime observers.

The manufacturer behind the VSat unit in question has blamed the customer in this case for not updating the default security credentials. The unit has since been secured.

Safe at Sea

It's obvious that the shipping industry, like many others, has a lot of work to do on such issues. But awareness is growing.

The Baltic and International Maritime Council (BIMCO) and the International Maritime Organisation (IMO) have both recently launched guidelines designed to help ship owners protect themselves from hackers.

Patrick Rossi points out that crew with a poor understanding of the risks they take with USB sticks or personal devices should be made aware of how malware can spread between computers.

This is all the more important because the personnel on board vessels can change frequently, as members go on leave or are reassigned.

But there are more than 51,000 commercial ships in the world. Together, they carry the vast majority, 90%, of the world's trade. Maersk has already experienced significant disruption thanks to a piece of particularly virulent malware.

BBC
