Posted on August 19, 2017 at 1:30 PM
Shipping firms have increasingly become targets for hackers to steal business information, attempt frauds and steal goods. According to security researchers, many of the shipping firms are unaware of being in this kind of danger.
There are many reasons why shipping companies make good targets for hackers. Their presence and their attacks are steadily growing in number but many companies still aren’t aware of their existence. As BBC reported, most of these shipping firms are confident in their logistics systems and believe that their ships are safe enough.
This, unfortunately, isn’t the case. Recently, the industry has been hit with a variety of cyber attacks, going from NotPetya ransomware to targetted attacks on individual firms. In some of these cases, the attackers are usual fraudsters trying to make money off of the companies.
This was exactly the case at a shipping firm that sent millions of dollars to criminals by accident. What happened was that the hackers put a malware that messed with emails that included invoices from the firm’s fuel supplier. When an invoice arrived, the malware changed the bank account number to make the payment to.
Another known way of attacking the shipping companies is using a cyber attack to get valuable goods on ships. The next example is a case that Verizon’s cybersecurity team was asked to handle.
A global shipping firm that will remain unnamed was hacked by pirates. The way the attackers did this is by accessing the firm’s IT systems in order to monitor the progress of valuable goods through its network. Once they located the goods, they boarded the ship and made off with a container found using its barcode.
And on the grander scale, malware infection can cause entire ships to be held up. Viruses have infected container ships, tankers and other merchant vessels and left their navigation equipment, engine controls and other on-board machinery unusable. The most common way of the malware getting onto the ship is through low-tech methods, like a compromised USB stick, for example. The ship crew is usually unaware of what a risk that little removable storage can be.
The hacking problem is starting to become such a big deal that some vessel operators are turning to the past in order to find a solution for the problem. Earlier this month, a story has been covered where World War Two-era radio systems are being brought back as a fall-back option in the event of GPS failure.
It is interesting to know that the US, UK, Russia and South Korea are all developing solutions separately, but they all are using conventional radio waves instead of modern-day inventions such as GPS, which is possible to hack. Jamming the traditional radio waves would require a jammer that is about a million times more powerful than your old GPS jammer. The shipping companies that are being involved in these trials say this is a good idea, to be able to cross-check GPS signals with another technology.
This rise of cyberattacks is a good reminder for everyone that no industry gets to escape the cyberthreats. It’s been only recently that the operators involved in the industry realized the massive faults in their security systems.
The International Maritime Organisation (IMO) has published a set of guidelines to help ship owners secure their software, signalling a shift in attitude inside the industry. Mending the problem is likely to take a long time though, even as awareness grows.