1,000 Ships Affected By Ransomware Attack On DNV’s Software

By   Adeola Adegunwa
Writer , Informationsecuritybuzz | Jan 18, 2023 08:10 am PST

DNV, a Norwegian assurance and risk management firm and classification organization, has confirmed that almost 1,000 ships were affected by a recent ransomware cyberattack on its fleet management system. After the hack on its ShipManager fleet management and operations platform was discovered on Saturday, January 7, in the evening, the class society was obliged to shut down the software’s IT servers.

DNV has officially confirmed that a ransomware assault that it claims affected 1,000 vessels and 70 customers has affected those numbers. The server outage has no impact on any additional DNV services, and there are no indications that any other DNV software or data is concerned. All users can still access the onboard, offline capabilities of the ShipManager program.

To analyze the situation and ensure operations are back online as quickly as feasible, DNV specialists collaborate closely with international IT security partners. In its statement today, DNV stated that it was in contact with the Norwegian police on the event.

Cyber Attack On ShipManager Software 

According to DNV’s website, more than 7,000 boats owned by 300 customers use its ShipManager and Navigator port and crew management software solutions. The ShipManager platform has modules that give users access to ship management data’s technical, operational, and compliance aspects.

These modules include planned maintenance systems (PMS), shipping procurement, ship safety management systems (QHSE), crew management systems, hull integrity management, dry-docking and ship repair, and shipping data analytics.

For the maritime, power, oil and gas, automotive and aerospace, food and beverage, and healthcare industries, DNV offers a wide range of services. The company’s ShipManager software is made for ship management operations and ship design in the marine sector.

DNV, the largest classification society in the world, handles the technical certifications for creating and using ships and offshore buildings. In 2021, the company’s revenue exceeded $2 billion. More than 13,175 ships and mobile offshore units are currently serviced by it.

DNV expressed regret for any annoyance and disturbance this incident may have brought about.

Previous CyberAttacks On Shipping vessels

The most recent incident affecting the shipping sector is the attack on DNV. The LockBit ransomware organization recently targeted the Port of Lisbon, and throughout 2022, ports in Europe experienced a wave of ransomware attacks.

In February 2022, the German logistics giant Marquard & Bahls’ oil firms Oiltanking and Mabanaft were both victims of a cyberattack that rendered their loading and unloading systems inoperable. Oiltanking claimed that because of the attacks, the company “declared force majeure.”

Alejandro Mayorkas stated to Congress in November that cyberattacks pose the greatest threat to U.S. ports. Without a doubt, cybercrime poses a significant concern, but keep in mind that you have options for defense. Being aware of potential weak points is a fantastic place to start. 

Ways To Managing CyberAttacks In The Shipping Sector

You may address cyber threats, sophisticated breaches, company continuity, and crisis management by frequently conducting security drills.

1. Create a response team:

The first goal is to get ship operations back to normal. Put together a team to repair the OT and/or IT systems. The reaction team, which could be made up of individuals from both onboard and ashore, as well as outside experts, should be able to handle every aspect of the response.

2. Conduct a first evaluation:

Your response team should ascertain the following information to ensure you respond to the cyber incident appropriately:

  • How the incident happened.
  • Which IT and OT systems were impacted?
  • How much the commercial and/or operational data was impacted?
  • How much of a threat to IT and OT still exists?
  • What should be preserved as incident evidence for further inquiry?

3. Retrieve systems and information:

The next stage is to get OT and IT back in working order. Your team should take the appropriate actions to eliminate risks from the system and restore software by working step-by-step through a recovery plan. The recovery strategy ought to:

4. Examine the occurrence:

It would be best if you started a thorough investigation, preferably with assistance from an outside expert, to comprehend the cyber incident’s reasons and effects. Such a review can assist you in learning how a vulnerability was exploited and the technological and operational security precautions you should take both on board and ashore to avoid it happening again.

5. Avert another occurrence:

You should make the necessary adjustments if your post-incident analysis reveals weaknesses in your technical and/or procedural protection mechanisms. Review the lessons learned, address security flaws, and instruct your staff on how to identify security breaches.

Conclusion

DNV disclosed on January 9 that a cyberattack that attacked its ShipManager software on January 7 resulted in the business having to shut down related servers. The business made it clear that it was the subject of a ransomware attack that affected 700 of its clients and about 1,000 vessels in a statement released on January 17. “No evidence suggests that any other DNV software or data is impacted. There is no information on whether any data has been stolen or which ransomware group is responsible for the attack.

Subscribe
Notify of
guest
1 Expert Comment
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Simon Chassar
InfoSec Expert
January 19, 2023 12:06 pm

“Cyber criminals know that hitting business availability and affecting supply chains is the most effective way to gain a ransom payment. Ransomware attacks that impact vessels’ operations can cause nation-wide economic and social impacts.

They want to put decision makers in an impossible situation so that they have no choice but to pay ransoms in order to get services back up and running. Unfortunately, attacks that impact the critical infrastructure industry are increasing as they add more digital transformation and connected cyber-physical systems to their networks without the right protection tools. 

The convergence of IT and OT systems as well as the connection of Industrial Internet of Things (IIoT) devices and Industrial Control Systems (ICS) exposes organisations to new cyber threats and vulnerabilities which can impact their operations and availability.

Protecting business availability and building resilience should be the number one priority for critical infrastructure organisations such as maritime companies. They need to implement patching services to fix urgent OT vulnerabilities as well as ICS and IIoT ones. Network segmentation with asset class policies should also be put in place to limit the movement of malware and mitigate the impact of ransomware attacks.”

Last edited 8 months ago by simon.chassar

Recent Posts

1
0
Would love your thoughts, please comment.x
()
x