Maritime Shipping Is An Ideal Target For Ransom

The maritime industry is often dependent on just-in-time supply chains, and often old technology and this is making shipping a very attractive target for cyber criminals. 

Ransomware attacks against the shipping industry have tripled in the past year, as cyber criminals to make money from ransom payments. Analysis by cyber security company BlueVoyant has found that ransomware attacks are increasingly targeting shipping firms at a time when the global COVID-19 pandemic means that their services are required more than ever before.

Ransomware attacks have become a serious issue for all organisations in every type of industry, but a successful attack against a company could potentially mean chaos and an extremely lucrative payday for attackers. It is undisputed that the largest cyber security threat facing supply chain and logistics companies today is neither nation-state attacks nor data breach information for sale on the dark web; it is ransomware.

The Blue Voyant Report shows that from 2019 to 2020, ransomware attacks on shipping and logistics firms tripled, with almost all attacks resulting from phishing or exploitation of open remote desktop ports, making the sector especially vulnerable during the critical global vaccine rollout.

Key Report Findings:

  • Ransomware is the No. 1 cyber threat to logistics companies today, suggesting a situation of imminent and extreme risk.
  • Malicious actors are keenly interested in logistics companies. 100% of the companies assessed saw some evidence of threat targeting against their network.
  • Despite the risks of ransomware attacks, 90% of the organizations studied were found to have open remote desktop or administration ports and insufficient email security, the primary vulnerabilities to ransomware gangs.

Shipping companies are often very sizable businesses that are easily effected by any disruption and this makes them targets for cyber ransomware gangs.

2017's NotPetya cyber-attack demonstrated the amount of disruption that can occur in these scenarios, and Maersk got globally cyber attacked in an incident that cost hundreds of millions in losses. But despite this high profile cyber event demonstrating the need for good cybersecurity strategy, according to BlueVoyant's report, shipping and logistics companies need to "dramatically" improve IT hygiene and email security to make networks more resilient against ransomware and other cyber attacks.

That includes fixing vulnerabilities in remote desktops or ports, something that 90% of the organisations studied in the research were found to have. Problems like unpatched software or using default or common login credentials can provider cyber attackers with relatively simple access to networks.

In some cases, it isn't ransomware groups that are breaching logistics and shipping companies, but merely opportunistic cyber criminals who know they'll be able to sell the credentials on for others to use to commit attacks. 

High-profile cargo like the COVID-19 vaccine, and the data that goes with it, make shipping and logistics companies high-value targets to cyber criminal and national state actors aiming to disrupt government efforts and steal sought-after vaccine data.

Shipping companies have vast networks, but there are cyber security procedures that can improve their defences against cyber-attacks. These include securing port and network configuration so that default or easy-to-guess credentials aren't used and to, where possible, secure the accounts with two-factor authentication.

Organisations should also update and patch software in a timely manner so cyber criminals can't take advantage of known vulnerabilities to gain access to networks. Using open-source data and proprietary research, BlueVoyant assessed 20 of the top global shipping and logistics companies to understand their vulnerability to ransomware and other disruptive attacks.

The results indicate the growing threats facing the sector, specifically the disproportionate impact of rising ransomware attacks, capable of bringing businesses that operate technology-driven and highly automated ‘just-in-time’ delivery schedules to a standstill.

BlueVoyant:          ZDNet:       Yahoo:      Waysudin:        Image: Unsplash

You Might Also Read: 

Maritime Cyber Security Is Equally Important On Land:

 

 

« Google Plans To Eradicate Cookies
Can Ethical AI Become A Reality? »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Navista

Navista

Navista's hardware and software modules are especially designed to ease the deployment of secure networks.

Advenica

Advenica

Advenica develops, manufactures and sells innovative cybersecurity solutions for encryption and secure information exchange.

Morphisec

Morphisec

Morphisec's world leading prevention-first software stops ransomware and other advanced attacks from endpoint to the cloud.

CyberSecurity Malaysia

CyberSecurity Malaysia

CyberSecurity Malaysia is the national cyber security specialist agency under the Ministry of Science, Technology and Innovation (MOSTI).

Inspired eLearning

Inspired eLearning

Inspired eLearning deliver solutions that help clients nurture and enhance workforce skills, protect themselves against cyberattacks and regulatory violations.

Griffiss Institute (GI)

Griffiss Institute (GI)

GI's primary role is to advocate and facilitate the co-operation of private industry, academia, and the Air Force Research Laboratory in developing solutions to critical cyber security problems.

Cyphere

Cyphere

Cyphere is a cyber security company that helps to secure most prized assets of a business. We provide technical risk assessment (pen testing/ethical hacking) and managed security services.

CYMOTIVE Technologies

CYMOTIVE Technologies

Combining Israeli cyber innovation with a century of German automotive engineering. CYMOTIVE operates under the assumption that connectivity is a game changer for the automotive industry.

Indevis

Indevis

Indevis provides IT security, datacenter and network solutions, accompanied by professional consulting, management and support services.

link22

link22

link22 offers a high level of expertise within IT security and system solutions. We help public and private actors with highly secure IT-solutions.

UNS Inc.

UNS Inc.

UNS is a top services partner for multiple leaders in the global cybersecurity industry – we do business in 40 countries, including the United States, Canada, Chile, and Colombia.

ERCOM

ERCOM

Ercom, a subsidiary of the Thales Group, is a French company known for its mobility security solutions.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Control D

Control D

Control D is a modern and customizable DNS service that blocks threats, unwanted content and ads - on all devices.

Boston Government Services (BGS)

Boston Government Services (BGS)

Boston Government Services is an engineering, technology, and security firm providing mission-focused solutions for the clean energy, nuclear, and federal programs markets.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.