Date
18 December 2017
The NotPetya cyber attack on the Maersk resulted in a shutdown of its port terminals. Photo: latimes.com
The NotPetya cyber attack on the Maersk resulted in a shutdown of its port terminals. Photo: latimes.com

How shipping industry is vulnerable to cyber attacks

The one industry that is increasingly at risk from cyber attack is the shipping industry. A gap in upgrading their infrastructure is leaving them vulnerable.

Here we have reports that suggest that ships in Norway will be sailing without a crew, just like how we have a driverless car. On the other side, we have news about the NotPetya ransomware attack that is crippling the shipping industry.

As hackers become more capable of breaking into any system across the world, Cybersecurity experts have advised shipping companies about the vulnerabilities they face.

Nearly every ship rely on electronic devices for their operation from communications to logistics. Software is required to run the engine from GPS to chart display information. Literally, everything happens on computers.

The shipping industry involves high-value assets and that is an added incentive for hackers because they know ships move valuable cargo on a daily basis. Security experts have expressed deep dismay at hackers attacking shipping firms, and they are successful in doing so.

While all this happens, we have seen how the shipping industry has remained relatively unprepared. Just a few days back, the security firm Cyberkeel checked the email activity of a shipping firm and was shocked at what it saw.

“Someone has hacked into the systems of the company and planted a small virus,” explains co-founder Lars Jensen. “They would then monitor all emails to and from people in the finance department.”

When a supplier sends an email asking for payment, the virus would change the content of the email and the account number, thus deceiving the company to transfer the money into the account owned by the cyber criminals. All this happens before the recipient of the email reads it

“The shipping industry needs to protect itself better against hackers — the fraud case dealt with by CyberKeel was just another example,” Jensen said. “In June, we saw how NotPetya ransomware created havoc and one of the hardest hit was Maersk.”

Now, as things get back to normal, Maersk has revealed that the total cost of dealing with the ransomware was US$300 million.

The consequences of a NotPetya cyber attack on the Maersk resulted in a shutdown of their port terminals. Today, shipping companies realize that NotPetya’s attacks on Maersk have pushed these companies against the wall. The shipping industry has finally woken up to the harsh reality that their operation is vulnerable to digital disruption.

Ships with more computers are potentially vulnerable, and it’s a great cause for alarm. Malware and ransomware are designed in a way that it spreads from one computer to another on a network.

“We know a cargo container, for example, where the switchboard shuts down after ransomware found its way on the vessel,” says Patrick Rossi, who works within the ethical hacking group at independent advisory organization DNV GL.

It’s obvious that the shipping industry, like many others, has a lot of work to do when it comes to cyber attack. The International Maritime Organization has introduced certain guidelines to educate ship owners about the vulnerability.

The shipping industry carries 90 percent of the world’s trade, and we have seen how Maersk has experienced significant damage to its business operation, thanks to NotPetya. Now before the world asks what’s next, it’s high time the shipping industry made a comprehensive effort to safeguard its systems.

– Contact us at [email protected]

RT/RA

A security geek who writes on various topics pertaining to web, data, network security & more

EJI Weekly Newsletter

Please click here to unsubscribe