It has been reported that tug owners have been warned to be vigilant for cyber attacks and malware after a tug in the US was targeted. Towage vessels and their crews are increasingly connected to online services during operations, increasing their vulnerability to cyber threats, malware, viruses and hackers. These concerns were raised by the Maritime Transportation System (MTS) – Information Sharing and Analysis Center (ISAC) in the US after a tug was the victim of a phishing email.
This was the first time a tug reported receiving this type of phishing email, according to MTS-ISAC, which advised the whole maritime industry of the dangers of cyber attacks. Its cyber security advisory said a tug operating organisation received the phishing email with a voicemail-themed attachment, then notified Louisiana InfraGard of the cyber threat, which notified MTS-ISAC. This malware email spoofed the vessel operator as the sender and was sent to the tug with an Office 365 eVoiceMail Express-themed attachment.
Transportation organisations are rapidly evolving to improve their service levels and efficiency. As the same time, safety has never been more important, as risks from cyber threats increase. Indeed, the World Economic Forum cites cyberattacks on critical infrastructure, including transportation, as the world’s fifth highest risk in 2020. The maritime industry in particular transports 90% of the world’s trade, and like other industries, is becoming increasingly connected, automated and remotely monitored.
The level of system visibility and cybersecurity maturity in this sector is relatively low. Many ships contain devices and systems that their operators aren’t even aware of. Crew are not typically trained to identify phishing emails or manage network access control. While dramatic situations like a vessel being capsized via hacking are not out of the realm of possibility, they are still unlikely. Crew constantly observe ship behaviour and have the ability to employ manual or safety systems to correct performance that is out of normal range. Driven by the needs to reduce risk, comply with international shipping standards, and meet insurer requirements, shipping companies are investing in cyber resiliency. An important capability lies in identifying maritime assets and their communications. Networks should be monitored for vulnerabilities, threats, and unusual behaviour that could indicate a cyberattack.
Just as water always flows downhill, cybercriminals will always attack at the weakest part of a system. The people using the system are oftentimes the weakest element, opting to click a link in an email that says “URGENT” or voluntarily giving up their credentials when somebody named “IT Support” asks nicely. The best defence has multiple reinforcing layers. Make people aware of the threat of phishing attacks by training them to recognise suspicious messages. Because people won’t necessarily retain the training information initially, add on to the learning process by testing them. Many organisations distribute test phishing emails from time to time, tracking who falls for them. Someone will inevitably fall victim to such tests. To continue reinforcing protections against a real world phishing attack, organisations should consider providing added protections to email attachments and browser links. Additionally, implement two-factor authentication whenever possible to minimize the risk of stolen credentials. Finally, be sure to have a robust response plan in place to contain and sanitize incidents as soon as possible should they happen.