Maritime Shipping Is An Ideal Target For Ransom

The maritime industry is often dependent on just-in-time supply chains, and often old technology and this is making shipping a very attractive target for cyber criminals. 

Ransomware attacks against the shipping industry have tripled in the past year, as cyber criminals to make money from ransom payments. Analysis by cyber security company BlueVoyant has found that ransomware attacks are increasingly targeting shipping firms at a time when the global COVID-19 pandemic means that their services are required more than ever before.

Ransomware attacks have become a serious issue for all organisations in every type of industry, but a successful attack against a company could potentially mean chaos and an extremely lucrative payday for attackers. It is undisputed that the largest cyber security threat facing supply chain and logistics companies today is neither nation-state attacks nor data breach information for sale on the dark web; it is ransomware.

The Blue Voyant Report shows that from 2019 to 2020, ransomware attacks on shipping and logistics firms tripled, with almost all attacks resulting from phishing or exploitation of open remote desktop ports, making the sector especially vulnerable during the critical global vaccine rollout.

Key Report Findings:

  • Ransomware is the No. 1 cyber threat to logistics companies today, suggesting a situation of imminent and extreme risk.
  • Malicious actors are keenly interested in logistics companies. 100% of the companies assessed saw some evidence of threat targeting against their network.
  • Despite the risks of ransomware attacks, 90% of the organizations studied were found to have open remote desktop or administration ports and insufficient email security, the primary vulnerabilities to ransomware gangs.

Shipping companies are often very sizable businesses that are easily effected by any disruption and this makes them targets for cyber ransomware gangs.

2017's NotPetya cyber-attack demonstrated the amount of disruption that can occur in these scenarios, and Maersk got globally cyber attacked in an incident that cost hundreds of millions in losses. But despite this high profile cyber event demonstrating the need for good cybersecurity strategy, according to BlueVoyant's report, shipping and logistics companies need to "dramatically" improve IT hygiene and email security to make networks more resilient against ransomware and other cyber attacks.

That includes fixing vulnerabilities in remote desktops or ports, something that 90% of the organisations studied in the research were found to have. Problems like unpatched software or using default or common login credentials can provider cyber attackers with relatively simple access to networks.

In some cases, it isn't ransomware groups that are breaching logistics and shipping companies, but merely opportunistic cyber criminals who know they'll be able to sell the credentials on for others to use to commit attacks. 

High-profile cargo like the COVID-19 vaccine, and the data that goes with it, make shipping and logistics companies high-value targets to cyber criminal and national state actors aiming to disrupt government efforts and steal sought-after vaccine data.

Shipping companies have vast networks, but there are cyber security procedures that can improve their defences against cyber-attacks. These include securing port and network configuration so that default or easy-to-guess credentials aren't used and to, where possible, secure the accounts with two-factor authentication.

Organisations should also update and patch software in a timely manner so cyber criminals can't take advantage of known vulnerabilities to gain access to networks. Using open-source data and proprietary research, BlueVoyant assessed 20 of the top global shipping and logistics companies to understand their vulnerability to ransomware and other disruptive attacks.

The results indicate the growing threats facing the sector, specifically the disproportionate impact of rising ransomware attacks, capable of bringing businesses that operate technology-driven and highly automated ‘just-in-time’ delivery schedules to a standstill.

BlueVoyant:          ZDNet:       Yahoo:      Waysudin:        Image: Unsplash

You Might Also Read: 

Maritime Cyber Security Is Equally Important On Land:

 

 

« Google Plans To Eradicate Cookies
Can Ethical AI Become A Reality? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Information Security Research Association (ISRA)

Information Security Research Association (ISRA)

ISRA is a non-profit organization focused on various aspects of Information Security including security research and cyber security awareness activities.

Cyber Risk Agency

Cyber Risk Agency

Cyber Risk Agency is a cybersecurity consulting firm specializing in managing cyber risks for SMEs.

LATRO Services

LATRO Services

LATRO Services is a complete solution provider to discover, locate, and eliminate telecom fraud.

Navaio IT Security

Navaio IT Security

Navaio helps clients with IT Security related challenges with a primary focus on Identity and Access Management, Data Governance, User Awareness and Cyber Resilience Services.

Hut Six Security

Hut Six Security

Train, test and track your Information Security culture through information security awareness training and customised phishing simulation campaigns.

Falcongaze

Falcongaze

Falcongaze SecureTower is a comprehensive DLP solution for the protection of business against internal threats.

Infopercept Consulting

Infopercept Consulting

Infopercept is a leading cybersecurity company in India, providing a critical layer of security to protect business information, infrastructure & assets across the organization.

Phakamo Tech

Phakamo Tech

Phakamo Tech offers a full set of governance, risk, compliance, cybersecurity and Microsoft Cloud services that include consulting, planning, implementation and cyber incident response.

Defentry

Defentry

Defentry have created an Ecosystem that lets our users easily monitor, train and resolve their digital security issues.

CertiProf

CertiProf

CertiProf has been enhancing professional lives since 2015, offering a wide range of IT certifications and agile framework training.

Oivan

Oivan

Oivan harnesses the strengths of the web, mobile, cloud, cybersecurity, and blockchain technologies to help our clients to launch transformative digital services.

Immunefi

Immunefi

Immunefi provides bug bounty hosting, consultation, and program management services to blockchain and smart contract projects.

Mitigo Group

Mitigo Group

Mitigo offers a well considered and effective approach to keeping businesses completely secure from any digital attacks.

TAFEcyber

TAFEcyber

TAFEcyber is an Australian based consortium focusing on the skilling of the fast-growing cyber security workforce through education and training.

DV Cyber Security

DV Cyber Security

DV Cyber (formerly A76) is an innovative cyber security company vertically focused on Threat Intelligence and Cyber Security Research.

SecureAck

SecureAck

From our A-Op SaaS automation platform to Managed Automation-as-a-Service (MAaaS), SecureAck offer powerful security automation the way that best suits your organisation's needs.