Posted on December 13, 2018 at 4:23 PM

Online Threats Hitting Ships Around the World

According to a document released recently by the international shipping industry, ships are just as likely to suffer from cyber-security attacks as any other IT system. Attacks on ships often include ransomware, worms, USB malware, and alike.

The document is also the new edition of the industry-approved guide on how to handle such threats, called “Guidelines on Cyber Security onboard Ships”. The guideline was created by 21 international industry groups and shipping associations as an attempt to combat the problem.

Apart from containing regular rules, guidance for securing systems, and alike — the document also includes multiple examples of what might happen if the procedure is not followed adequately. The examples used in the document are issues and incidents witnessed previously in ports and ships around the world, but they simply never caught the attention of the public.

Examples of attacks on ships

One example describes a virus infection of ECDIS (Electronic Chart Display and Information System), that ships are using during sailing. In the incident, a ship that was designed for sailing without paper charts got infected by a virus that has disrupted the system. Ship’s officers did not recognize this as a cyber-security issue at the time, and the virus was actually discovered later by a technician that was required to visit the ship. It is still unknown where the virus came from and how it managed to infect the system unnoticed, but the disruption and delay that it managed to cause ended up costing hundreds of dollars.

This incident is only one of many, and the document continues to describe other such events. Furthermore, the document also describes attacks by ransomware. In some cases, attacks are quite direct, but there were also incidents where backend systems and servers were targeted.

During one incident, it was reported that two ransomware have infected the system. The incident was reported by a shipowner, and the report claims that the email attachment was responsible for letting the ransomware into the system. The ransomware entered via separate ports on separate occasions. While the ships themselves ended up being affected by the incident, the real victim ended up being the network. The entire incident ended after the owner paid the ransom.

As mentioned, there were numerous other incidents, some of them occurring because of the lack of a proper password. On this occasion, ransomware disrupted the entire IT infrastructure, and every critical file ended up encrypted by the attacker. A lot of sensitive data was lost, while crucial applications ended up being unusable. The worst part is that incident happened several times until the reason for the infection was found to be a bad password policy.

While remote attacks are by far the most common ones, there were also several examples of attacks that occurred due to infected USB thumb drives. While they are usually used for updating systems or transferring documents — they can sometimes be responsible for spreading a virus to air-gapped networks.

The document described such events as well, stating that malware was brought to the systems via USB drives, and it even managed to remain undetected during cyber assessment and regular check-ups, only to start its attack later.

IT mistakes are also known to happen, and while they might not technically be cyber-security issues, they can cause just as much damage. The document mentioned examples of such incidents as well. In one of them, almost all of the ship’s navigation systems failed at sea in a high traffic area that had reduced visibility. All that ship was left with were backup paper charts and a single radar, which it needed to use for two days before repairs could be done in the nearest port. The issue behind the incident ended up being the software that was too advanced for the ship to handle, and the system crashed.

The biggest cyber-security incident in shipping, ever

Ships are vulnerable to the same kind of attacks as the rest of IT systems, which includes hacking, malware infections, and more. While this is nothing new, the issue somehow ended up lacking attention, as ship-makers usually only focus on connecting all of the systems together.

This does not mean that there are no cases where ships have proper security, and where systems are protected. However, there are also numerous cases where these critical systems were left entirely exposed, or protected with bad passwords.

The biggest wake-up call for the shipping industry happened back in 2017 when NotPetya ransomware successfully infected the world’s biggest shipping company, Merck. The incident ended up costing the company more than $300 million, as over 4,000 servers and 45,000 PCs needed to be reinstalled before the company can resume business as usual.

Now, the document containing the guidelines got updated, which is a direct consequence of the NotPetya incident, as it was proof to the entire world how a single ransomware can cripple an entire company almost instantly. The guidelines are expected to help with securing ships’ IT systems, but also to provide instructions for ports and entire shipping companies.