IMO hit by “sophisticated” cyber attack, media report

It would appear that maritime cyber security is once again in the headlines. Following the recent ransomware attack on CMA CGM, news has emerged that the United Nation’s regulatory body for shipping, has suffered a “sophisticated” cyber attack.

At the time of writing, even the IMO’s public-facing pages were offline. Media reports state that the same is true of the organisation’s intranet, as IT technicians have shut down key systems in order to prevent further damage.

The exact nature of the attack has not yet been made public, but with staff still working remotely, systems are always going to be at risk, as new attack vectors are available to APT groups and criminals. Quite what could be achieved by attacking the IMO remains unclear, but it provides yet another wake up call to the maritime industry as a whole. After all, if the regulatory body can be taken offline so easily, how secure are shipping companies, ports and related maritime firms?

Hackers may already be hitting ports, say experts

by Martyn Wingrove

Ports are on the front line of the maritime industry’s cyber war and are vulnerable to hackers and cyber attacks, panellists told attendees during Riviera’s ‘Where port security meets cyber security’ webinar, held in association with the Maritime Transportation System – Information Sharing and Analysis Center (ISAC)

The key message from cyber security experts was that operators and authorities need to know their vulnerabilities and be prepared for a constant barrage of cyber threats.

Panellists offered insights into an array of cyber risks facing the maritime industry as well as guidance on how to cost-effectively mitigate those threats.

To continue reading, please click here.

Source: rivieramm.com

Report: Maritime Cyberattacks Have Quadrupled Since February

The British Ports Association and the UK-based risk management firm Astaara have released a new study on the wave of cyberattacks seen by maritime stakeholders over the past four months.

In one high profile attack in May, computer systems at Iran’s Shahid Rajaee port facility at Bandar Abbas, creating traffic jams and serious operational disruption. Astaara believes that the attack came in direct response to a failed Iranian cyberattack on an Israeli water facility in April. (Iran has denied any involvement in the earlier incident.) U.S. officials told the Washington Post that Israeli forces orchestrated the retaliatory hack on Shahid Rajaee.

To continue reading, please click here.

Source: maritime-executive.com

Report: Maritime Cyberattacks Up by 400 Percent

Cybersecurity consultancy Naval Dome has reported a 400 percent increase in attempted hacks since February 2020. The primary cause is an increase in malware, ransomware and phishing emails attempting to exploit the COVID-19 pandemic, but Naval Dome says that global travel restrictions, social distancing measures and the economic recession are beginning to cut into companies’ self-defense capabilities.

In addition, since OEM technicians have a harder time traveling to service systems on board ships and rigs, they are increasingly making “remote” service calls that require the operator to bypass security protections – creating an opening for a cyberattack.

To continue reading, please click here.

Source: maritime-executive.com

U.S. Maritime Stakeholders Launch Cyber Threat Clearinghouse

A group of American seaports and maritime stakeholders have decided to address cybersecurity threats by launching a new non-profit, the Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC).

The new organization’s objective is to promote cybersecurity information sharing throughout the maritime community. A group of leaders from seaports, shipowners and terminal operators recognized the need to improve their own cybersecurity resiliency, and since resources are limited, they realized the best approach was to work with their peers to identify, protect against, and detect cyber threats. Information sharing and analysis efforts will focus on threats to both information technology (IT) and operational technology (OT) systems, which stakeholders can use to prevent or minimize potential cyber incidents.

To continue reading, please click here.

Source: maritime-executive.com