Bridge Watch: Cybersecurity attacks on maritime sector up 900%

In this week’s Bridge Watch, Dryad Global’s CEO Corey Ransom is talking cybersecurity. Did you know that attacks on the maritime industry and its infrastructure are up by 900%?

It is vital that the maritime industry treat the cyber domain with a higher degree of importance to fully understand common cyber attack vectors and mitigation measures.

In 2015 the average attack dwell time once a hacker had gained access to a system and before they pushed forward with an attack was 270 days. In 2023, the average attack dwell time has dropped to 4.5 days.

Despite this escalation it still takes a company an average of 277 days to recover their compromised systems after a cyber attack and get their systems back, up and running and fully secured.

Ransomware attacks on vessels and shipping can take various forms, often targeting the IT systems and infrastructure of the affected organizations. These attacks can result in operational disruption, financial loss, and reputational damage.

Some common forms of ransomware attacks on maritime and shipping industries include:

1. Phishing emails: Cybercriminals may send phishing emails to employees within the shipping organization, often disguised as legitimate messages from known contacts or companies. These emails may contain malicious links or attachments, which, when clicked or opened, can introduce ransomware into the network.
2. Vulnerable software or systems: Attackers may exploit known vulnerabilities in software or systems used by the shipping company. This can include outdated operating systems, unpatched software, or insecure remote access services.
3. Supply chain attacks: Cybercriminals can target third-party vendors or service providers that work with shipping companies. By compromising a vendor's systems, attackers can potentially gain access to the shipping company's network, leading to ransomware infection.
4. Social engineering attacks: Attackers can use social engineering techniques, such as impersonating a trusted individual or authority figure, to trick employees into revealing sensitive information or performing actions that enable the ransomware infection.
5. Malvertising and drive-by downloads: Malicious advertisements or compromised websites can be used to infect a victim's device with ransomware simply by visiting the site or clicking on the ad.

Once ransomware has infiltrated a shipping or maritime network, it can have significant consequences, including:

• Encrypting critical data, rendering it inaccessible until a ransom is paid
• Disabling essential systems, such as navigation, communication, or cargo handling
• Exfiltrating sensitive data, which can be used for further attacks or sold on the dark web
• Disrupting port operations or logistics, causing delays and financial losses
• Damaging the company's reputation and eroding customer trust

To prevent ransomware attacks, shipping companies should implement strong cybersecurity measures, such as employee training, regular software updates, network segmentation, data backups, and intrusion detection systems. All of these cybersecurity services can be delivered by Dryad Global’s ARMS Cyber technology.

Find out more about our cybersecurity 'Lunch & Learn' programme: info@dryadglobal.com

Discover our ARMS Cyber technology: https://www.dryadglobal.com/arms-cyber-security-assurance