Maritime Cyber Attacks Quadruple

The Coronavirus pandemic is leaving the maritime and offshore energy sectors vulnerable to cyber-attack, with the maritime security firm Naval Dome citing a massive 400% increase in attempted hacks since February 2020. 

An increase in malware, ransomware and phishing emails exploiting the Covid19 crisis is the primary reason behind the spike. Naval Dome says that travel restrictions, social distancing measures and economic recession are beginning to bite into a company’s ability to sufficiently protect itself.

The global crisis and social distancing measures are preventing specialist maritime technicians flying out to ships and oil rigs to upgrade and service critical systems, resulting in operators circumventing established security protocols, leaving them open to attack.

IT and other maritime Operating systems (OT) are no longer segregated and individual endpoints, critical systems and components may become vulnerable. Some of these are legacy systems which have no security update patches and are even more vulnerable. 

The increase in specialist maritime security personnel working remotely on home networks and personal computers and WiFi routers just makes the problem worse.

The economic downturn and the drop in the price of crude oil is also having an effect, with oil companies and contractors being faced with limited budgets available to implement effective cyber security measures. The Mission to Seafarers has published a COVID-19 special issue of its Seafarer Happiness Index report, which shows a growing feeling of confusion from crew changing as the landscape shifts around them. According to the report, shore leave, which is already a problematic issue, has become even more difficult for seafarers as ports are locked down and there are fears of contracting the virus. 

Seafarers also reported feeling that not enough is being done to ensure the safety of those onboard and a feeling of loneliness, physical and mental exhaustion, and homesickness.

Shen Attacks
A report, written by the University of Cambridge Centre for Risk Studies last year, called the Shen Attack: Cyber risk in Asia Pacific Ports, says that a cyber attack on ports could cause substantial economic damage to a wide range of business sectors globally due to the inter-connectivity of the maritime supply chain. 

The combination of ageing shipping infrastructure and complex supply chains makes the shipping industry vulnerable to attack and consequentially huge losses. 

While the Shen attack is not a definitive forecast, it does highlight the need for vigilance in an industry that could be brought to its knees by a cyber event originating in Asia and spreading to Europe, America and the rest of the world. 

The report is the second publication from the Cyber Risk Management project, the Singapore-based public-private initiative that assesses cyber risks, of which Lloyd’s is one of the founding members. Shen Attack estimates that losses of up to $110 billion would occur in an extreme scenario in which a computer virus infects 15 ports. Transportation, aviation and aerospace sectors would be the most affected ($28.2 billion total economic losses), followed by manufacturing ($23.6 billion) and retail ($18.5 billion).  

Offshore Energy:       Splash247:        Hellenic Shipping News:      Digital Ship:     HSToday

You Might Also Read: 

New Guidelines For Maritime  Cyber Security:

 

« Managing Your Cyber Security, Detection & Response
Your Phone Is Spying On You »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

RIVA Solutions

RIVA Solutions

RIVA provides innovative best practices in IT and management consulting, program support services and emerging technologies.

FAMOC

FAMOC

FAMOC is an enterprise mobile management solution that delivers comprehensive security and management for applications, documents, email, and mobile devices.

LexisNexis Risk Solutions

LexisNexis Risk Solutions

LexisNexis Risk Solutions provides technology solutions for Anti-Money Laundering, Fraud Mitigation, Anti-Bribery and Corruption, Identity Management, Tracing and Investigation.

AFCON Control & Automation

AFCON Control & Automation

AFCON is a leading global provider of software solutions and services for the smart management of Control & Automation systems in the age of Digital Transformation.

Parsons

Parsons

Parsons has developed a converged security offering that combines cybersecurity, integrated network solutions, and critical infrastructure protection.

National Cyber Summit (NCS)

National Cyber Summit (NCS)

The National Cyber Summit is the preeminent event for cyber training, education and workforce development aimed at protecting our nation's infrastructure from the ever-evolving cyber threat.

Certis

Certis

Certis is a leading advanced integrated security organisation that develops and delivers multi-disciplinary security and integrated services.

Sphonic

Sphonic

Sphonic provides regulated institutions of any size a powerful compliance & risk platform to quickly and securely onboard new customers and manage ongoing AML and Fraud & Risk trends.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

INFRA Security & Vulnerability Scanner

INFRA Security & Vulnerability Scanner

INFRA is a powerful platform with an easy interface for any kind of Ethical Hacking, from corporate monitoring and VAPT (vulnerability assessments and penetration testing) to military intelligence.

HancomWITH

HancomWITH

Hancomwith is an information security company. We provide optimized blockchain solutions in areas including next-generation authentication, security and digital asset transaction.

Noerr

Noerr

Noerr is one of the top European law firms with 500 professionals in Germany, Europe and the USA. We provide solutions to complex and sophisticated legal matters including cyber risks.

Astrix Security

Astrix Security

Astrix enables security teams to instantly see through the fog of connects and detect redundant, misconfigured and malicious third-party exposure to their critical systems.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Boltonshield

Boltonshield

Boltonshield provide a unique and proactive approach to cyber defence with managed security services, integrated technologies, and a team of security experts, ethical hackers and analysts.