Malware on the High Seas: US Coast Guard Issues AlertPhishing Attack Against International Vessel Triggers Maritime Warnings
The U.S. Coast Guard has issued an alert about an increase in malware attacks targeting the networks of commercial vessels. It's warning ship owners to take more cybersecurity precautions.
In May, the Coast Guard noted in another alert that attackers were attempting to use phishing techniques to steal data and other information about vessels and their voyages.
The latest alert stems from an incident in February, when Coast Guard investigators were called to examine reports of a cybersecurity incident aboard an international deep draft vessel bound for the Port of New York and New Jersey, according to the document. In that case, malware infected the vessel's network and some computer systems, but it did not cause any significant damage, according to the Coast Guard.
"The team concluded that although the malware significantly degraded the functionality of the onboard computer system, essential vessel control systems had not been impacted," according to the Coast Guard alert issued Monday. "Nevertheless, the interagency response found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities."
The Coast Guard notes that it's still investigating the cybersecurity incident. It's not yet clear how the malware infected that vessel's network, especially because the crew did not extensively use the ship's network for personal business, such as online banking and email, the report notes.
The ship's network was mainly used for official business, including updating electronic charts, managing cargo data and communicating with shore-side facilities, pilots, agents and the Coast Guard, according to the report.
Although it's mainly known for its coastal defense and maritime law enforcement roles, the Coast Guard is also involved in investigating certain cybersecurity incidents.
In 2018, for instance, the Coast Guard, along with the FBI and the U.S. Department of Homeland Security, investigated a ransomware attack that affected the Port of San Diego, disrupting the commercial shipping industry (see: Ransomware Crypto-Locks Port of San Diego IT Systems).
The shipping industry, which is relying more on internet-connected networks and devices, is growing more susceptible to malware and other cybersecurity disruptions.
In June 2017, the NotPetya ransomware attack affected Danish shipping giant A.P. Møller - Maersk, the world's biggest shipping firm. The company was then forced to reroute ships and was unable to dock or unload cargo ships in dozens of ports (see: Maersk Previews NotPetya Impact: Up to $300 Million).
Maersk estimated that it would lose about $300 million because of the ransomware outbreak.
The Coast Guard notes in this week's alert: "With engines that are controlled by mouse clicks, and growing reliance on electronic charting and navigation systems, protecting these systems with proper cybersecurity measures is as essential as controlling physical access to the ship or performing routine maintenance on traditional machinery. It is imperative that the maritime community adapt to changing technologies and the changing threat landscape by recognizing the need for and implementing basic cyber hygiene measures."
In its May 24 Marine Safety Information Bulletin, the Coast Guard noted that attackers were attempting to gain information and data, such as a vessel's "notice of arrival," by sending phishing emails using addresses similar to those of official Port State Control authorities.
This week's alert also offers risk mitigation advice, including:
- Create segmented networks to make it more difficult for attackers to gain access to all of a vessel's systems and equipment;
- Enforce better password management and create user profiles for the ship's crew as well as limit administration accounts;
- Discourage crew members from using external media, such as USB drives;
- Update security software and patch systems as alerts are posted.
"Maintaining effective cybersecurity is not just an IT issue, but is rather a fundamental operational imperative in the 21st century maritime environment," the alert states. "The Coast Guard therefore strongly encourages all vessel and facility owners and operators to conduct cybersecurity assessments to better understand the extent of their cyber vulnerabilities."