Shipmanagement software vendors have been warned to be on their guard with experts suggesting this maritime niche is becoming the focus of hackers.
with Voyager Worldwide and DNV’s ShipManager software both hit by cyber attacks in the past couple of months, and other cyber incidents happening but going unreported, there is strong speculation that hackers are targeting this type of software provider, with links to hundreds of ships among client bases.
“We’re watching this trend closely as it’s worrying there’s a number of attacks on shipping software in reasonably close succession,” commented Daniel Ng, the CEO of CyberOwl, a UK-based cyber security firm. “This is part of a wider pattern of attackers targeting supply chains and supplier systems. It makes economic sense for them – they can impact multiple vessels, rather than singular vessels,” added Ng.
A shipping cyber security survey published last year by CyberOwl, maritime innovation agency Thetius and law firm HFW, found that 44% of respondents reported that their organization has been the subject of a cyber attack in the last three years. Of those, 3% resulted in a ransom being paid by the victim to the attacker, at an average cost of $3.1m.
Dr Kimberly Tam, a lecturer in cyber security at the University of Plymouth in the UK, told Splash that of the recently reported maritime-related attacks, many had focused on software solutions.
“Management software can be a valuable target, so it would make sense that it is targeted or accidentally infected by malware designed for similar systems. Because it is IT software it is probably more familiar to attackers out there and existing malware,” Tam explained.
DNV has revealed its ransomware attack earlier this month affected 70 customers and around 1,000 ships.
“Although this data has not appeared on major marketplaces yet, assuming the attack was successful, it’s only a matter of time. Valuable exfiltrated data from a company like DNV likely includes data from onboard operational tech, which could make it quite simple for a bad actor to gain insight into the operational environment and potentially develop a cyber attack on the operational systems,” said Joshua Cruse, a senior cyber threat analyst at Shift5, transportation security and data company.
Given the fact that operational technology has historically relied on security through obscurity, it would be “incredibly easy” to leverage that information for malicious reasons, potentially bringing fleets to a halt, Cruse said.