MARITIME CYBER SECURITY Archives - SHIP IP LTD


Franman’s core activity since its establishment has been the representation of First Class Makers of Shipbuilding Equipment for merchant vessels.

The function of the Shipbuilding Division is to introduce and promote its principals to shipping companies in Greece, Cyprus and the greater Eastern Mediterranean area.

We ensure that our customers are fully acquainted with our principals’ equipment and products. This is achieved via continuous communication with the customer, while for effective promotion we utilize various available marketing tools, like seminars, workshops, participation in exhibitions and targeted advertisements, among others.

Thereafter, Franman’s involvement in a specific new building project begins at an early stage. Our first objective is to ensure to the extent possible, that the equipment we represent is included in the shipyard’s maker list. Our ultimate target is to pursue an agreement between maker and owner with the best possible terms for both parties involved.

Another area in which we are heavily involved is that of retrofit projects for all the equipment that we represent and promote.

Our effectiveness is based on our in depth knowledge of our markets, our experience and the close business relationships that we have established with the shipping companies since our company’s formation back in 1991 and utilized for the benefit of both our customers and our principals.

Source: divisions



Since 30 September 2020, the issue has been affecting IMO’s public website and internal intranet services.


“The interruption of service was caused by a sophisticated cyber-attack against the Organization’s IT systems that overcame robust security measures in place,” the IMO said, adding that the organization’s IT technicians shut down key systems to prevent further damage from the attack.

“The IMO is working with UN IT and security experts to restore systems as soon as possible, to identify the source of the attack, and further enhance security systems to prevent recurrence.”

As informed, internal and external emails are working as normal while service has been restored to the GISIS database, IMODOCS and Virtual Publications.

Furthermore, the IMO Secretariat has continued to function with some limitations and the Facilitation Committee has continued meeting this week on the external platform.

Earlier this week, French container shipping giant CMA CGM also confirmed a cyber attack impacting the company’s peripheral servers. CMA CGM thus became the fourth major shipping company to experience a cyber attack, after Swiss Mediterranean Shipping Company (MSC), China’s COSCO Shipping and Danish Maersk.

 

Source: offshore


Shipping’s global regulatory body the International Maritime Organization (IMO) has been hit by a cyber attack.

The IMO said on Twitter: “The interruption of service was caused by a cyber attack against our IT systems. IMO is working with UN (United Nations) IT and security experts to restore systems as soon as possible, identify the source of the attack, and further enhance security systems to prevent recurrence.”

At the time of writing the IMO’s website remained unavailable with a message that it was “under maintenance”. Some document and publication services remained active.

It is the second cyber attack on a shipping organisation this week with the world’s third largest container line CMA CGM hit with malware that forced it to take its e-commerce systems off line and resulted in a suspected data breach.

From 2021, cyber security will be part of the IMO’s safety management systems for shipping, a regulatory change that is also referred to as IMO 2021.

 

Source: seatrade



CMA CGM yesterday revealed it may have suffered a data breach during the recent cyber-attack.

As the French carrier works on restoring its systems, it said: “We suspect a data breach, and are doing everything possible to assess its potential volume and nature.”

However, it added that its IT technicians had made progress in restoring its systems.

“Today, the back-offices (shared services centres) are gradually being reconnected to the network, thus improving bookings and documentation processing times,” it said.

And it reminded customers that online bookings could still be made through the INTTRA portal, as well as by spreadsheet via email, and said EDI messages were also secure.

It told them: “Maritime and port activities are fully operational. We are providing alternative and temporary processes for your bookings and are committed to processing them as quickly as possible.”

Meanwhile, cyber criminals have continued their assault on the maritime sector after the industry’s governing body, the International Maritime Organization (IMO), admitted it had also suffered a cyber-attack when its website went down yesterday.

“The interruption of service was caused by a cyber-attack against our IT systems,” it said today. “IMO is working with UN IT and security experts to restore systems as soon as possible, identify the source of the attack and further enhance security systems to prevent recurrence.”

 

Source: theloadstar



The United Nations agency for international shipping came under cyber-attack at the end of last week, forcing a number of services offline, it has emerged.

Headquartered in London, the International Maritime Organization (IMO) is responsible for the regulation, safety and security of global shipping.

However, it revealed in a tweet last Wednesday that its website was “undergoing some technical issues.” It admitted a day later that these had actually been caused by malicious actors.

In a longer announcement on Friday recapping the incident, the IMO said its Global Integrated Shipping Information Systems (GISIS) database, document repository IMODOCS, and its Virtual Publications service had been affected by the attack but were now restored.

However, at the time of writing, Virtual Publications appeared to still be offline.

The IMO said restoration of the other unnamed services affected by the attack would take place “as soon as possible and as safe as possible.”

“The interruption of web-based services was caused by a sophisticated cyber-attack against the organization’s IT systems that overcame robust security measures in place. IMO has ISO/IEC 27001:2013 certification for its information security management system. IMO was the first UN organization to get this certification in 2015,” the IMO explained.

“The IMO headquarters file servers are located in the UK, with extensive backup systems in Geneva. The backup and restore system is regularly tested. Following the attack the secretariat shut down key systems to prevent further damage from the attack.”

The organization’s email and virtual meeting platforms were unaffected by the incident, it added.

The incident sounds like a ransomware attack: just last week it was revealed that French shipping giant CMA CGM suffered such an outage after a breach at its Chinese offices impacted the availability of some servers and applications.

Source: infosecurity



Dryad and cyber partners RedSkyAlliance continue to monitor the stark upward trend in attempted attacks within the maritime sector. Here we also examine the recent attack on CMA CGM.

“Fraudulent emails designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks remains one of the biggest day-to-day cyber threats facing the maritime industry.”

Dryad Global’s cyber security partners, Red Sky Alliance, perform weekly queries of backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails. Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments.

With our cyber security partner we are providing a weekly list of Motor Vessels where it is observed that the vessel is being impersonated, with associated malicious emails.

The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages.

In the above collection, we see malicious actors attempting to use vessel names to try to spoof companies in the maritime supply chain. This week we observed a wide variety of maritime-related subject lines. Some of the new vessel names used this week include “MT Blue Sky” and “MV YARRAWONGA” among others. Analysts observed bad actors continuing to leverage “ Kleven” in malicious email subject lines this week. Beginning in February 2020, analysts saw threat actors using this vessel name as part of their subject lines. Using the following sender emails, attackers have leveraged this vessel to spread malware targeting multiple unique recipients:

"Hashemi" <ops.ir@mcha-shipping.com>
"A.P. Moller – Maersk.(Shanghai, Head Office)" <nooreply@maersk.com>
P. Moller – Maersk (Shanghai, Head Office) <eb6bceca@fd8e08.com>
"A.P. Moller – Maersk" <nooreply@maersk.com>
"A.P. Moller – Maersk" <14709c9@fd8e08.com>
"A.P. Moller – Maersk" <f5fbf089377@1cb9beb999.com>
"Azil bin Salleh(LCTC Information Technology Services)" <azils@lotte.net>
"Babel Markus (Gechter GmbH)" <markus.babel@gechter.com>

Red Sky Alliance will continue to monitor this vessel name and identify the malicious activity associated with it. Analysts observed the malicious subject line “Fw: Re: FRFQ CARGO CONTAINER 6X6X8” being used this week. Notably, this subject line was sent from the same sender to multiple unique recipients. Typically, attackers will CC others on malicious emails or add them to the list of recipients in a single email. However, this attacker sent an individual email to each recipient.

The email address using this subject line to send malware is “Lisa Emily” <charlesmaherr@grps.org>. This email address is currently used by the principal of Sibley Elementary, based in Grand Rapids, Michigan. This user’s email does not appear in breach data so at this time, it appears that threat actors are spoofing the email instead of using an account which has been successfully taken over. The alias in this case is “Lisa Emily”; however, there have been multiple aliases used with that email address. The following names have also been used as an alias with this email address:

Maichele Suzan
Anny Jesse
Eng Tan Jessmine

The senders use multiple unique subject lines (not all maritime related) and appear to target Electroputere. Electroputere is one of the largest industrial companies in Romania. It is unclear why these specific  are being targeted or what positions they hold at the company.

The attackers are attaching malware to the emails in the form of malicious zip files using unique file names. The zip files contain Trojan:Win32/MereTam.A malware which has the ability to create a backdoor on a target system to download other malware, including but not limited to ransomware. This malware also has the ability to stop scheduled scanning by Microsoft Windows Defender which helps the malware evade detection.

In other  this morning, the shipping giant CMA CGM was hit by a major cyber attack which disrupted daily operations for the company. According to Lloyd’s of London Intelligence sources, several of the company’s  offices were affected by Ragnar Locker ransomware.[1] CMA CGM initially claimed that their booking system was disabled by an internal IT issue, but later confirmed “external access to CMA CGM IT applications are currently unavailable” after the ransomware attack.

Last week Red Sky Alliance analysts identified CMA CGM’s name being used as part of a malicious email using the subject line “RE: CMA CGM CHRISTOPHE COLOMB – Bridge” (TR-20-265-001_Vessel_Impersonation). This email contained a malicious attachment containing TrojanDownloader:O97M/Emotet.CSK!MTB malware. This malware is typically used to steal sensitive information from a victim’s network but can also be used to download other malware including, but not limited to, ransomware.

Analysts have determined that this email was not part of this specific attack, but malicious emails often play a critical role in activating malware on a company’s network. That particular email had a “redacted” message body which would force many unwitting recipients into opening the attachment out of curiosity.

Attackers often use ransomware to earn a profit; however, Ragnar has taken their attacks a step further. If a company is able to restore their data from backups and avoid paying the ransom, attackers will expose sensitive information online which was stolen as part of the ransomware attack. This attack would make CMA CGM the fourth major container shipping carrier known to have fallen victim to such a major cyber incident.

[1] https://lloydslist.maritimeintelligence.informa.com/LL1134044/CMA-CGM-confirms-ransomware-attack


These analysis results illustrate how a recipient could be fooled into opening an infected email. Doing so could cause the recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.

Fraudulent emails designed to make recipients hand over sensitive information, extort money or trigger malware installation on shore-based or vessel IT networks remain one of the biggest day-to-day cyber threats facing the maritime industry. These threats often carry a financial liability to one or all those involved in the maritime transportation supply chain.

Preventative cyber protection offers a strong first-line defence by preventing deceptive messages from ever reaching staff inboxes, but malicious hackers are developing new techniques to evade current detection daily.

Pre-emptive information from the Red Sky Alliance RedXray diagnostic tool, our Vessel Impersonation reports and Maritime Blacklists offer a proactive solution to stopping cyber-attacks. Recent studies suggest cyber-criminals are researching their targets and tailoring emails for staff in specific roles.

Another tactic is to spoof emails from the chief executive or other high-ranking maritime contemporaries in the hope staff lower down the supply chain will drop their awareness and follow the spoofed email obediently. Analysts across the industry are beginning to see maritime-specific examples of these attacks.

Pre-empt, don’t just defend

The more convincing an email appears, the greater the chance employees will fall for a scam. To address this residual risk, software-based protection should be treated as one constituent of a wider strategy that also encompasses the human element as well as organizational workflows and procedures.

It is imperative to:

Train all levels of the marine supply chain to realize they are under constant cyber-attack.
Stress maintaining constant attention to real-world cyber consequences of careless cyber practices or general inattentiveness.

Provide practical guidance on how to look for a potential phishing attempt.
Use direct communication to verify emails and supply chain email communication.
Use Red Sky Alliance RedXray proactive support, our Vessel impersonation information and use the Maritime Black Lists to proactively block cyber attacks from identified malicious actors.
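
A header-triage sketch for the indicators this report describes: MV/MT subject lures, a known brand in the display name on an unrelated domain, a spoofed sender, one address rotating aliases, and individual copies sent to each recipient. This is an added example, not Red Sky Alliance or Dryad tooling; the `BRAND_DOMAINS` allow-list, the `.example` addresses and the assumption that the receiving gateway stamps an `Authentication-Results` header are illustrative.

```python
import re
from collections import defaultdict
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumption: brand keyword -> domains that organisation really sends from,
# maintained from your own verified trading-partner records.
BRAND_DOMAINS = {"maersk": {"maersk.com"}}

# "MV"/"MT" (also "M/V", "M/T") followed by a name: the subject-line lure.
VESSEL_RE = re.compile(r"\b(?:MV|MT|M/V|M/T)\s+\S", re.IGNORECASE)
DMARC_RE = re.compile(r"\bdmarc=(\w+)", re.IGNORECASE)


def triage(raw_messages):
    """Return (per-message flags, per-sender campaign flags)."""
    per_message = []
    aliases = defaultdict(set)       # sender address -> display names seen
    solo_targets = defaultdict(set)  # (address, subject) -> lone recipients
    for raw in raw_messages:
        msg = message_from_string(raw)
        display, addr = parseaddr(str(msg.get("From", "")))
        addr = addr.lower()
        domain = addr.rpartition("@")[2]
        subject = str(msg.get("Subject", "")).strip()
        flags = []
        if VESSEL_RE.search(subject):
            flags.append("vessel-name-subject")
        # Known brand in the display name, but mail comes from another domain.
        for brand, domains in BRAND_DOMAINS.items():
            if brand in display.lower() and domain not in domains:
                flags.append("brand-domain-mismatch")
        # A spoofed From on a genuine domain only shows up in the
        # authentication verdict recorded by the receiving gateway.
        verdict = DMARC_RE.search(str(msg.get("Authentication-Results", "")))
        if verdict is None or verdict.group(1).lower() != "pass":
            flags.append("dmarc-not-pass")
        per_message.append((addr, subject, flags))
        aliases[addr].add(display)
        rcpts = [a.lower() for _, a in
                 getaddresses([str(msg.get("To", ""))]) if a]
        if len(rcpts) == 1 and not msg.get("Cc"):
            solo_targets[(addr, subject)].add(rcpts[0])
    campaign = defaultdict(list)
    for addr, names in aliases.items():
        if len(names) > 1:
            campaign[addr].append("multiple-aliases")
    # Same sender and subject delivered as separate single-recipient copies.
    for (addr, _), rcpts in solo_targets.items():
        if len(rcpts) > 1 and "one-recipient-per-copy" not in campaign[addr]:
            campaign[addr].append("one-recipient-per-copy")
    return per_message, dict(campaign)


def _mk(frm, to, subject, dmarc):
    return (f"From: {frm}\nTo: {to}\nSubject: {subject}\n"
            f"Authentication-Results: mx.shipco.example; dmarc={dmarc}\n\n")


# Constructed sample headers (not real captures); addresses are placeholders.
SAMPLES = [
    _mk('"A.P. Moller - Maersk" <f5fb@1cb9.example>', "ops@shipco.example",
        "MV YARRAWONGA - PDA request", "pass"),
    _mk('"A.P. Moller - Maersk" <nooreply@maersk.com>', "ops@shipco.example",
        "MT Blue Sky arrival notice", "fail"),
    _mk('"Lisa Emily" <staff@school.example>', "a@target.example",
        "Fw: Re: FRFQ CARGO CONTAINER 6X6X8", "fail"),
    _mk('"Anny Jesse" <staff@school.example>', "b@target.example",
        "Fw: Re: FRFQ CARGO CONTAINER 6X6X8", "fail"),
    _mk('"Port Agent" <agent@agency.example>', "ops@shipco.example",
        "Berth schedule update", "pass"),
]

if __name__ == "__main__":
    messages, senders = triage(SAMPLES)
    for addr, subject, flags in messages:
        print(f"{addr:28} {subject[:34]:34} {flags}")
    print(senders)
```

The first sample passes DMARC because the sending domain is the attacker's own, which is why the display-name check is needed alongside the authentication verdict.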

 

Source: businessandmaritimewestafrica


Technology; great when it works, frustrating when it doesn’t. Our reliance upon technology, and in particular remote connectivity, has never been greater.

While any rewards are invariably well articulated, many misconceptions continue to pervade cyber risk – and it’s the consequences of these “cyber myths” that could result in significant financial cost.

Here are several cyber risk misconceptions that exist within the maritime sector to watch out for:

  1. Cyber risk does not affect the maritime sector

    An organization that relies upon technology for any aspect of its operation has cyber risk. The maritime sector is therefore exposed to the same cyber risk as any other industry sector. Note the recent study by Naval Dome which reported a 400% increase in cyber-attacks against the maritime industry between February and June 2020.

  2. Nobody is going to target a business in the maritime sector and therefore I have nothing to worry about

    Cosco, MSC and most recently, Carnival, are just three high-profile examples of companies in the maritime sector who were targeted by cyber-criminals. You do not, however, have to be a target in order to suffer the impact of a cyber-attack – just ask Maersk and many others, who were collateral damage in a cyber-attack whose target was Ukraine. It is well documented that Maersk suffered significant financial harm as a result of the attack.

  3. We have invested significantly in network security controls and have therefore eradicated the cyber risk

    Putting the right controls in place is a crucial element of cyber risk mitigation. Such controls, however, can only ever minimize the vulnerabilities in the network and/or decrease the likelihood of the threat. It is impossible to eradicate the risk altogether. Moreover, insider threats remain an issue. Employees make mistakes and, on occasions, seek to deliberately cause their employers harm.

  4. Losses arising from cyber risk are covered under our traditional marine insurance policies

    This, of course, could be correct depending on the terms of the insurance contract. Hull and machinery policies, however, typically exclude loss or damage where caused by a cyber-attack. In some cases, policies may be silent on whether loss arising from cyber risk is covered or excluded, which potentially gives rise to uncertainty.

  5. My hull and machinery policy includes a cyber-attack exclusion, but a cyber-attack can’t lead to property damage

    This is incorrect. For example, in 2008 a pipeline in Turkey exploded after cyber-criminals hacked into the pipeline’s control systems. Similarly, in 2014, hackers accessed the control systems of a steel mill in Germany causing significant physical damage. Whilst there have been no reported cases of physical damage to vessels caused by a cyber-attack, the increased reliance upon operational technologies such as GPS, AIS and ECDIS on board vessels, may increase the threat of physical damage.

  6. I’ve looked at cyber insurance solutions in the past and concluded the cover was not relevant to my business

    While cyber threats are the same regardless of the sector, the way in which they impact organizations can vary enormously. Traditionally, cyber insurance solutions were drafted on a ‘one size fits all’ basis. Cyber risk poses unique challenges and exposures for the maritime sector, however. This is why Willis Towers Watson has developed CyNav, an insurance policy designed by cyber and marine specialists, specifically to meet the needs of the maritime sector.

Source: willistowerswatson



A9X Cyber Security, a Singapore-based dedicated maritime cyber security firm, has its work cut out as shipping’s easy target status has been reaffirmed this week with debilitating attacks on French liner CMA CGM and the International Maritime Organization (IMO).

“As the maritime industry continues to develop software and systems allowing online connectivity, automated vessels and leverage technology, some unethical individuals will continue to see this as increased opportunities to exploit onboard systems and any new vulnerabilities,” says Chris Blunt, co-founder of A9X.

The software that A9X has developed addresses a number of different areas, with all of it grounded around remote installation and management.

With Covid-19, the ability for maritime companies to continually send IT professionals to remote sites is becoming both expensive and sometimes impossible, and there’s now less than three months to go until the IMO’s new cyber security rules kick in.

“Being compliant with the new IMO requirements will not allow vessel owners, nor managers to delay in addressing such issues, and our platform and software solutions allows for such threats to be handled promptly,” Blunt claims.

One of the biggest threats for maritime cyber security is poor Windows setups onboard, the A9X executive says.

“Many people are unaware that Windows is not secure out of the box and has 100 plus security vulnerabilities, coupled with the lack of maintenance, or to put it another way lack of patch management, and mis-configuration makes the onboard computers very exposed to cyber-threats,” Blunt warns.

In addition to its existing solutions, A9X is currently developing two new solutions for remote updates and patch management for Windows, A9X Update and A9X Remote Cyber Auto-Fix, which are expected to improve the overall security of systems.

Blunt expects the two new software solutions to be available within the next six months.

Source: splash247



The International Maritime Organization (IMO) is the second major shipping organisation to be hit by a cyber attack this week.

The IMO’s public website and internal intranet services were unavailable but have since been brought back online. The interruption of services started on 30 September and was caused by a “sophisticated cyber attack” against the IMO’s IT systems, the organisation said in a statement.

IMO IT technicians have shut down key systems to prevent further damage from the attack. The IMO is working with United Nations IT and security experts to identify the source of the attack and restore the network systems.

This is the second reported cyber incident to hit the maritime industry this week and the fifth high-profile attack in 2020. Container shipping company CMA CGM announced on 28 September that it was dealing with a malware attack that affected its peripheral servers. The company suspected the attack may have caused a data breach, CMA CGM said in a follow-up statement on 30 September.

Transportation and logistics company Toll Group was attacked on 31 January and 12 May. The organisation had to shut down several systems across multiple business units, causing delays and disruptions to the business. The hackers subsequently published stolen Toll Group data on the dark web.

Mediterranean Shipping Co. also underwent a malware attack at its Geneva headquarters on 10 April. An investigation into the incident found that no data was stolen, and the attack only affected a limited number of physical computer systems.

Cyber security experts have suggested that distractions and increased reliance on digital services due to COVID-19, as well as untrained staff having to carry out diagnostics, software updates, and patches, may be behind a surge in attacks this year.

Ido Ben-Moshe, vice-president of business development for maritime cyber security company Naval Dome, said that remote working and an increase in remotely controlled, autonomous technologies will likely accelerate during and after COVID-19. “This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he concluded.

Source: safetyatsea



After disrupting the services of France-based CMA CGM, hackers reportedly targeted the London-based International Maritime Organization (IMO), a federal organization that regulates shipping.

And because of the attack, the website of the company is down and not reachable.

The shipping related UN organization says that its internal systems and email services were restored back to normalcy after they were pushed to the database of Global Integrated Shipping Information System (GISS) and Virtual publication services and IMODOCS will be soon revived.

IMO has asked the IT staff of the UN Council to probe the incident, identify the attack and enhance the security of its systems.

What’s interesting about the attack is that it occurred just two days after a cybersecurity breach of CMA CGM’s database.

Note 1- Although many media sources speculate that the attack on IMO was a ransomware variant, the shipping governing agency did not confirm it. Ransomware is a kind of malware that steals a portion of data and then encrypts a database until a ransom is paid.

Note 2- IMO is an organization that takes care of safety, environmental concerns, legal matters, technical cooperation, maritime security and works towards efficacy of shipping in international waters. It has over 174 member states and 3 associate members and an assembly that governs 5 committees- namely the Maritime Safety Committee, the Maritime Environment Protection Committee, the legal committee, the Technical Co-operation Committee and the Facilitation Committee.

 

Source: cybersecurity

