cyber-security-phisisng-maritime-1200x800.png

New Phishing Campaign Targeting Shipping Companies Raises Alarm

July 4, 2025 MARITIME CYBER SECURITYMaritime Safety News

In the latest wave of maritime cyber threats, a new phishing campaign has emerged that is specifically targeting shipping companies and maritime logistics operators. This sophisticated attack is exploiting vulnerabilities in human behavior and outdated security protocols, reinforcing the urgent need for enhanced cybersecurity awareness and systems across the maritime sector.

📧 How the Phishing Campaign Works

Cybersecurity analysts from several threat intelligence sources have observed a coordinated campaign using spoofed emails and fake shipping documentation to trick employees into clicking malicious links or downloading harmful attachments.

Typical emails are disguised as:

  • Port clearance documents

  • Charter party updates

  • Invoice disputes or urgent payment requests

  • Container status or customs alerts

Once a user engages with the malicious content, attackers attempt to:

  • Harvest login credentials for internal platforms

  • Infiltrate corporate email chains (Business Email Compromise – BEC)

  • Deploy ransomware or data-stealing malware

🚢 Why the Maritime Industry is Being Targeted

The maritime sector remains a high-value target for cybercriminals due to:

  • Increasing digitalization (e.g., eNavigation, cloud-based logistics)

  • Often outdated or unpatched IT systems onboard and onshore

  • Time-sensitive operations, making staff more likely to act on “urgent” emails

  • Lack of regular cyber awareness training across crews and offices

Shipping companies handle massive amounts of sensitive data—from cargo manifests to crew details and port documents. Gaining unauthorized access can allow attackers to disrupt operations, demand ransoms, or steal commercial secrets.

⚠️ Real-World Implications

The risks of falling victim to phishing in maritime operations include:

  • Operational delays (caused by system lockouts or fraud investigations)

  • Financial loss from fake invoice payments or ransom demands

  • Reputational damage, especially if client data is leaked

  • Regulatory penalties under data protection and cybersecurity compliance laws

🔐 How to Protect Your Organization

Maritime companies are strongly advised to take immediate steps to strengthen their cyber defenses. These include:

✅ 1. Employee Training

Conduct frequent training to help staff recognize phishing attempts, especially those disguised as maritime-specific documents.

✅ 2. Email Authentication

Implement DMARC, SPF, and DKIM protocols to reduce email spoofing.

✅ 3. Multi-Factor Authentication (MFA)

Require MFA for all access to internal systems and cloud platforms.

✅ 4. Endpoint Protection

Deploy advanced endpoint detection and response (EDR) tools on shore and ship-based IT systems.

✅ 5. Incident Response Planning

Have a clear and tested response plan in case of phishing attacks, including isolation of infected devices and communication protocols.

🔎 Final Thoughts

As maritime operations become more reliant on digital systems, the human element remains the weakest link in cybersecurity. This phishing campaign is a reminder that cybersecurity is not just an IT issue—it’s a safety and operational continuity issue.

Now is the time to review your cybersecurity posture and invest in both technology and training that can keep your business afloat in an increasingly hostile digital sea.

🛡️ Need help improving your cybersecurity strategy?
Contact our team at sales@shipip.com for guidance on policies, procedures, and tools tailored to the maritime industry.
imo-maritime.png

IMO Maritime Safety Committee Opens 110th Session – Safety, Technology & Seafarer Protection in Focus

June 24, 2025 IMOMaritime Safety News

🌍 The International Maritime Organization (IMO) officially opened the 110th session of its Maritime Safety Committee (MSC 110) on June 18, 2025 in London, focusing on crucial safety concerns and new maritime regulations.

As the global regulatory authority for shipping, the IMO’s Maritime Safety Committee plays a vital role in developing and updating safety standards across the industry. The 110th session comes at a critical time as the industry continues to face emerging threats such as fires onboard car carriers, autonomous vessel operations, and cyber risks.

🔹 Key Highlights of MSC 110:

  • Review of recent major marine casualties, including fires and collisions

  • Strengthening fire protection measures aboard ro-ro and vehicle carriers

  • Updates on GMDSS modernization and navigational safety systems

  • Progress on safety regulations for autonomous vessels (MASS)

  • Discussions on seafarer well-being, safety drills, and fatigue management

  • Enhancing global coordination on Search and Rescue (SAR) operations

  • Consideration of cybersecurity as part of ship safety systems

🔒 IMO Secretary-General Arsenio Dominguez emphasized the importance of staying proactive in safety regulation, especially with new technologies transforming ship operations.

🚢 With the number of serious safety incidents increasing globally—such as the recent sinking of fire-damaged car carriers—the need for a strong, forward-looking regulatory framework has never been more urgent.

📌 About SHIP IP LTD:
As a trusted provider of maritime compliance and safety solutions, we closely monitor international developments like MSC 110 to keep our clients informed and compliant.

psc-officers-verifing-ecdis-patched-on-board-a-vessel-1-1200x800.png

IMO’s ECDIS Cybersecurity Mandate: June 2025 Compliance Status & Enforcement

June 24, 2025 CYBER SECURITYECDISUncategorized

Urgent Update: Enforcement Now Active

As of June 1, 2025, the IMO’s SN.1/Circ.901 is fully enforced, with:

  • 23 ships detained globally for non-compliance (per Equasis data)

  • Top deficiencies:

    1. Unpatched Furuno FEA-2100 systems (62%)

    2. Missing hardware security modules (HSMs) (28%)

    3. Incomplete crew training records (10%)

Key Requirements Under Scrutiny

1. Mandatory Patches for Critical Vulnerabilities

System Patch Version Risk if Unpatched
Furuno FEA-2100 v4.2.1 (2025-05) GPS spoofing attacks
Transas Navi-Sailor 4000 v3.8.3 Chart tampering
JRC JAN-9200 v2.6.0 Ransomware infiltration

 

2. Hardware Security Modules (HSMs) Now Mandatory

  • Approved Models:

    • Thales payShield 9000 ($3,800/ship)

    • Utimaco CryptoServer CP5 (IMO-certified)

  • Deadline: Installed before next annual survey

3. Crew Training Documentation

  • New 2025 Standard: Minimum 4 hours/year of cyber drills

  • Acceptable Proof:

    • IMO-model course 1.45 certificates

    • VR training logs from Marlins

Recent Enforcement Actions

Case Study: MV Atlantic Dawn Detention (June 15, 2025)

  • Location: Singapore Port

  • Deficiency: Unpatched JRC ECDIS (v2.4.0)

  • Consequences:

    • 48-hour detention ($12,000/day fee)

    • Class suspension until compliance

Lesson: PSC checks now include automated version scans of ECDIS firmware.

Compliance Checklist for June 2025

  1. Verify Your System

    text

    Copy

    Download

    ECDIS Menu → Help → About → Check version

  2. Submit Proof to Flag State

    • Template: IMO Compliance Declaration Form

  3. Prepare for PSC Inspections

    • Required documents:

      • Patch installation logs

      • HSM purchase invoices

      • Crew training records

Industry Impact

Insurance Changes (June 2025):

  • Lloyd’s Market Association: 15% premium surcharge for ships without HSMs

  • North P&I Club: Cyber claims denied if ECDIS unpatched

Quote from BIMCO:

“Over 40% of ships needed last-minute upgrades in Q2 2025 – don’t risk detentions.”

📌 Key Resources

  • IMO SN.1/Circ.901 (2025 Revised)

  • Free Cyber Compliance Webinar (June 28, 2025)

Seafarer-Mental-health-1.jpeg

IMO Mandates Monthly Emergency Drills for Passenger Ships: Full Breakdown of New Safety Rules

June 23, 2025 Maritime Safety News

Urgent Regulatory Update

On June 22, 2024, the International Maritime Organization (IMO) issued Circular MSC.1/Circ.1650, significantly tightening emergency drill requirements for passenger ships following critical lessons from the 2023 Euroferry Olympia disaster and 2022 Costa Concordia anniversary review.

Key Changes in the New IMO Directive

1. Mandatory Monthly Drills (Up from Quarterly)

  • All passenger vessels (cruise ships, RoPax, ferries) must now conduct:

    • Abandon-ship drills (including lifeboat launches)

    • Firefighting exercises (with actual equipment deployment)

    • Crowd management training for crew

  • Drills must vary scenarios: Different locations/emergencies each month

2. Virtual Reality (VR) Training Integration

  • Approved VR systems must simulate:

    • Night evacuations

    • List conditions (up to 20° heel)

    • Language barrier challenges

  • First compliance deadline: January 2025 for ships >5,000 GT

3. Enhanced Documentation Requirements

  • Digital logs must record:

    • Drill duration

    • Crew participation rates

    • Equipment performance issues

  • New Form EDS-2024 required for flag state reporting

Why This Changed Now

The IMO’s Maritime Safety Committee (MSC 108) identified 3 critical failures in recent emergencies:

  1. Crew hesitation during the Euroferry Olympia fire (2023) due to infrequent drills

  2. Lifeboat deployment failures in 37% of spot-checked vessels

  3. Passenger panic contributing to 28% of evacuation injuries

Compliance Timeline & Penalties

Deadline Requirement Penalty for Non-Compliance
1 Aug 2024 VR training systems ordered Detention during PSC inspections
1 Jan 2025 Full implementation Up to $25,000 fine per missing drill
1 Jul 2025 Retrofit for ships built pre-2020 Flag state sanctions

How to Prepare: 5 Actionable Steps

  1. Download Official Documents:

  2. Conduct a Gap Analysis

  3. Invest in Approved VR Systems

  4. Update Training Manuals

  5. Schedule Crew Certification

Industry Reactions

Cruise Lines International Association (CLIA):

“We support these changes but request phased implementation for older vessels.”

International Transport Workers’ Federation (ITF):

“Monthly drills are overdue – crew safety must come before profits.”

Technical Deep Dive: New VR Requirements

  • Hardware: Minimum 4K resolution, 120Hz refresh rate

  • Scenarios Required:

    • Engine room fires with smoke simulation

    • Lifeboat launch in 3m+ waves

    • Disabled passenger evacuation

📌 Related Content

crewexpress stcw rest hours software

Cleaner-Marine-Shipping-1200x800.jpg

Tanker Collision Off Malaysia, IMO Emergency Drill Alerts & New Piracy Warnings – Latest Maritime Safety News

June 23, 2025 Maritime Safety News

Chemical Tanker Collision in the Malacca Strait

Incident (June 23, 2024): The MT Ocean Pioneer (chemical tanker) and Bulk Jupiter (cargo ship) collided near Port Klang, Malaysia, causing a minor hydrocarbon leak.

Key Details:

  • Cause: Preliminary reports suggest radar malfunction and miscommunication.

  • Response:

    • Malaysian Coast Guard deployed oil-spill containment teams.

    • No injuries; both vessels anchored for damage assessment.

  • Safety Takeaway:

    • Verify AIS and radar systems before transit in congested straits.

    • Review IMO COLREG Rule 7 (risk of collision).

maritime-cyber-security.png

IMO Strengthens Cyber Risk Management Guidelines for Maritime Industry

June 23, 2025 CYBER SECURITY

The International Maritime Organization (IMO) has issued updated guidelines to enhance cybersecurity in the maritime sector, urging shipping companies and ports to integrate cyber risk management into their Safety Management Systems (SMS). This move comes amid rising cyber threats targeting critical shipping infrastructure, including GPS spoofing, ransomware attacks, and operational disruptions.

Why the New IMO Cyber Risk Management Guidelines Matter

Cyber threats pose a growing risk to ships, ports, and supply chains. Recent incidents—such as the 2023 ransomware attack on a major European port and GPS jamming in conflict zones—highlight the urgent need for robust cybersecurity measures.

The IMO’s latest guidance reinforces Resolution MSC.428(98), which mandates that cyber risks be addressed in compliance with the International Safety Management (ISM) Code. Companies must now ensure that:

  • Cyber risks are identified and mitigated in SMS documentation.

  • Crew members receive regular cybersecurity training.

  • Critical systems (navigation, propulsion, cargo ops) are protected from cyber intrusions.

Key Updates in the IMO’s Cyber Risk Guidelines

  1. Risk Assessment – Companies must conduct regular cyber risk evaluations, including threat modeling for onboard and shore-based systems.

  2. Incident Response Plans – Ships should have clear protocols for responding to cyber incidents (e.g., data breaches, system failures).

  3. Third-Party Vendor Risks – Increased scrutiny on software providers, satellite communications, and port IT systems.

  4. Training & Awareness – Crew and shore staff must be trained to recognize phishing, social engineering, and malware threats.

🔗 Download Official IMO Cyber Risk Management Documents

Industry Reactions & Compliance Deadlines

  • Classification societies (DNV, ABS, LR) have updated their SMS audit checklists to include cyber risk compliance.

  • The U.S. Coast Guard (USCG) and European Maritime Safety Agency (EMSA) have aligned their advisories with IMO standards.

  • Deadline: While the guidelines are non-mandatory, the IMO strongly recommends implementation by 2025 to align with ISM Code audits.

How Shipping Companies Should Prepare

  1. Conduct a cybersecurity gap analysis (compare current SMS vs. IMO guidelines).

  2. Train seafarers & IT staff on cyber hygiene (e.g., strong passwords, suspicious email detection).

  3. Secure OT (Operational Technology) systems (ECDIS, AIS, engine control networks).

  4. Partner with cybersecurity firms specializing in maritime threats (e.g., NAVTOR, CyberKeel).

📌 Additional Resources

gps-interfere-in-strait-of-hormouz.png

Advisory on GPS Jamming and Alternative Navigation Measures Near the Strait of Hormuz

June 23, 2025 CYBER SECURITYMARITIME CYBER SECURITYNavigation Alerts

To: All Ship Owners, Operators, Masters, and Navigating Officers

1. Background

Recent reports indicate an increased risk of GPS signal interference or jamming in the vicinity of the Strait of Hormuz. Vessels operating in this region should remain vigilant and prepare for potential disruptions to Global Navigation Satellite Systems (GNSS), including GPS.

2. Recommended Actions

In the event of suspected or confirmed GPS jamming, vessels are strongly advised to employ alternative navigation techniques to ensure safe passage. The following measures should be considered:

A. Non-GPS Navigation Methods

  • Celestial Navigation: Use sextant observations for celestial fixes.

  • Radar Navigation: Cross-check positions using radar bearings and ranges.

  • Dead Reckoning (DR): Maintain accurate logs of course and speed for position estimation.

  • Inertial Navigation Systems (INS): Rely on gyrocompass and inertial sensors if available.

  • Visual & Terrestrial Aids: Verify positions using lighthouses, buoys, and landmarks.

B. Operational Precautions

  • Cross-Verify Positions: Use multiple independent methods to confirm location.

  • Monitor AIS/ECDIS Discrepancies: Be aware that these systems may be compromised without GPS.

  • Report Incidents: Notify nearby vessels, port authorities, and maritime agencies (e.g., UKHO, IMB) of suspected jamming.

3. Contingency Planning

  • Ensure bridge officers are trained in manual navigation.

  • Conduct GPS-denial drills.

  • Carry updated paper charts as a mandatory backup.

4. Additional Resources

  • IMO Guidelines (MSC.1/Circ.1572)

  • UKHO Maritime Security Chart Q6099

5. Contact Information

For urgent assistance or further guidance, contact:

SHIP IP LTD
📞 Tel: (+359) 24929284
📧 Email: sales@shipip.com
🌐 Website: www.shipip.com

gps-interfere-in-strait-of-hormouz.png

Iran Votes to Close Strait of Hormuz: Global Shipping on Alert

June 23, 2025 Maritime Safety News

🚨 Iran Votes to Close Strait of Hormuz: Global Shipping on Alert

Published: June 23, 2025
Region: Strait of Hormuz / Persian Gulf

📌 Overview

In a dramatic escalation, Iran’s parliament has voted to close the Strait of Hormuz, a key chokepoint for global oil and gas exports. The decision awaits approval by Iran’s Supreme National Security Council, but even the vote alone has triggered alarm across the maritime and energy sectors.

The Strait of Hormuz handles roughly 20% of the world’s oil supply and about one-third of all seaborne crude. This move—seen as a retaliatory measure amid rising geopolitical tensions—has the potential to spike oil prices, reroute shipping, and increase insurance and freight costs.

⚠️ Impacts for Shipping and Maritime Operators

  • Route Disruption: Tankers may be forced to reroute via longer and more expensive paths (e.g. around Africa via the Cape of Good Hope).

  • Cost Increase: Tanker freight rates are already rising, and insurance premiums for transiting Hormuz are expected to surge.

  • Delays and Logistical Bottlenecks: Port congestion, delayed cargoes, and cascading effects on global trade are highly likely.

  • Security Threats: The risk of vessel seizure or electronic warfare (e.g. GPS spoofing) remains elevated.

🔐 Recommended Safety Measures

✅ For Shipowners & Operators:

  • Reassess Voyage Planning
    Avoid or minimize time spent in Iranian waters. Use UKMTO updates to plan secure passage.

  • Enhance Watchkeeping and Evasive Protocols
    Increase bridge team vigilance and readiness drills. Use non-GPS navigation techniques when GPS jamming is suspected.

  • Check Political Risk Insurance
    Verify war risk coverages and revalidate navigational clauses with underwriters.

  • Coordinate with Coalition Forces
    Register transits with UKMTO, IMSC, and EMASoH. Follow coalition naval guidance closely.

✅ For Crews:

  • Conduct drills for emergency procedures in case of boarding or engine shutdown.

  • Reinforce anti-piracy watch routines.

  • Keep SATCOM and emergency communication systems functional and tested.

🌍 Broader Implications

Analysts caution that Iran lacks both the legal and practical ability to fully enforce a closure—but even the threat is enough to create volatility.
This situation is reminiscent of previous incidents involving the seizure of tankers, GPS spoofing, and regional naval exercises that affected maritime safety.

Oil prices have already surged to near $98/barrel. Global shipping alliances and the IMO are closely monitoring developments.

📣 Final Note

SHIP IP advises all clients operating in or near the Gulf region to review safety management systems, coordinate with naval authorities, and ensure crew readiness under high-risk conditions.

📧 For custom routing or safety consultancy, contact: support@shipip.com

rightship-inspection.png

Iran Parliament Votes to Close Strait of Hormuz – Global Shockwaves

June 23, 2025 CYBER SECURITYMARITIME CYBER SECURITYMaritime Safety News

Iran’s parliament has approved a measure to close the Strait of Hormuz pending Supreme Council review, a move that could impact roughly 20% of the world’s oil supply . Such a closure, if executed, could drive oil prices above $100/barrel and severely disrupt global trade reuters.com+5washingtonpost.com+5news.com.au+5. However, analysts caution Iran lacks the capability—and legal grounds—to fully block the strait en.wikipedia.org+9washingtonpost.com+9nypost.com+9.

Safety/Shipping Impact:

  • Urgent need for rerouting strategies and safety contingency plans

  • Spike in tanker freight rates and maritime risk premiums

  • Increased vigilance required by insurers and P&I clubs

📣 Final Note

SHIP IP advises all clients operating in or near the Gulf region to review safety management systems, coordinate with naval authorities, and ensure crew readiness under high-risk conditions.

📧 For custom routing or safety consultancy, contact: support@shipip.com

gps-interfere-in-strait-of-hormouz.png

GPS Interference and Tanker Collision Raise Safety Alarms in Strait of Hormuz

June 23, 2025 CYBER SECURITYMARITIME CYBER SECURITYMaritime Safety News


Region: Strait of Hormuz / Gulf of Oman

🔍 Incident Overview

In the past 72 hours, multiple vessels in the Strait of Hormuz have reported severe GPS interference, resulting in erratic navigational behavior. This culminated in a serious incident involving the oil tanker Front Eagle, which collided with the vessel ADALYNN, leading to an onboard fire and minor spill.

The collision was reportedly linked to spoofed GPS signals that misled the Front Eagle’s navigational systems, causing a sudden course deviation. Emergency response units contained the fire, and all crew were evacuated safely. The collision and spill area have triggered an environmental monitoring operation.

🛰️ What Is GPS Spoofing?

GPS spoofing is the deliberate broadcast of false GPS signals, causing a vessel to believe it is in a different location than it truly is. This can result in:

  • Incorrect autopilot routing

  • Navigation into restricted waters

  • Increased collision risk

This interference has been confirmed by data from commercial satellite tracking and reported widely by global shipping operators.

🔒 Recommended Actions for Ship Operators

To safeguard vessels navigating the Persian Gulf, especially around the Strait of Hormuz, the following best practices are strongly advised:

1. Use Redundant Navigation Methods

  • Cross-check GPS with radar, visual bearings, and inertial navigation systems (INS)

  • Update crews on dead reckoning and manual plotting skills

2. Autopilot Safety Protocols

  • Disable autopilot in high-risk areas and steer manually

  • Increase bridge watch vigilance and apply voyage data recorder (VDR) reviews

3. Situational Awareness

  • Monitor NAVTEX, IMO GISIS, and UKMTO alerts for real-time guidance

  • Use AIS overlays and satellite services (like GNS Watch) to detect spoofing anomalies

4. Cybersecurity Drills

  • Simulate spoofing/jamming scenarios during bridge team drills

  • Test GPS signal validation via ECDIS-integrated tools where available

5. Report and Record

  • Immediately report GPS disruptions to UKMTO and MARLO Bahrain

  • Log incident time, false coordinates, and corrective actions in the vessel logbook

🌍 Broader Implications

The incident highlights a growing maritime cybersecurity and navigational safety threat in geopolitically sensitive regions. Shipping companies, charterers, and P&I clubs are closely monitoring risk levels, and rerouting is under consideration for some operators.

A formal investigation has been launched. The IMO is also reviewing the use of multi-layered navigation systems to prevent future spoofing-induced accidents.

📣 Stay Informed

SHIP IP encourages all ship operators and safety officers to update their navigational safety manuals and conduct crew refresher training in light of these developments.

For support or customized fleet guidance, contact us via:
📧 support@shipip.com | 🌐 www.shipip.com

Older Posts

News

Quick Menu

Company DETAILS

SHIP IP LTD
VAT:BG 202572176
Rakovski STR.145
Sofia,
Bulgaria
Phone ( +359) 24929284
E-mail: sales(at)shipip.com

ISO 9001:2015 CERTIFIED