Lack of patching leaves maritime sites open to remote control risk

Lack of patching leaves maritime sites open to remote control risk

Copenhagen: CyberKeel, which focuses on cyber security in the maritime sector, has warned a number of important shipping websites could be taken over easily by hackers.

On April 14 Microsoft released a software patch related to a vulnerability found in all versions of Windows. The application, which is most affected, is used to host webpages. According to Microsoft, the vulnerability could at worst result in someone else taking control of the webserver over the internet.

Cybersecurity experts at CyberKeel decided to test to which degree the maritime sector remained vulnerable to this risk. Spot checks were performed on 50 different maritime sites. First they were tested to see whether the webservers were using Microsoft, and if they were, whether they remained vulnerable. The result was that 37% of the webservers using Microsoft had not been patched, and hence remained vulnerable.

The vulnerable sites included three major container carriers, which Splash has learnt are MSC, Hapag Lloyd and Hamburg Süd, as well as important systems at a number of ports, such as the vessel traffic management system in Gothenburg, the road haulier identity system in Felixstowe and the main site of the Copenhagen port authority.

CyberKeel’s CEO, Lars Jensen, commented: “Complex systems, such as those provided by Microsoft, are often in need of software patching to plug security holes. Companies need their IT departments to be able to quickly install software patches, as the hacker community operates on decidedly short timeframes. As an example, it took less than 12 hours from the point where Microsoft released the patch, until you could find simple instructions on the internet as to exactly how to exploit this weakness to cause a denial of service.”

CyberKeel was recently participating in a symposium at Rutgers University organized in part by a department of Homeland Security. Therein Vice Admiral Charles Michel of the US Coast Guard told of an incident whereby a hacker brought a port on the US eastern seaboard to a standstill. According to Jensen, this shows that the risk to the maritime community is real, and it is worrying that even simple security measures such as applying software patches are not ingrained in the industry.

As well as CyberKeel, Jensen runs container shipping analysis firm SeaIntel. He also contributes to our sister title, Maritime CEO magazine.

Sam Chambers

Starting out with the Informa Group in 2000 in Hong Kong, Sam Chambers became editor of Maritime Asia magazine as well as East Asia Editor for the world’s oldest newspaper, Lloyd’s List. In 2005 he pursued a freelance career and wrote for a variety of titles including taking on the role of Asia Editor at Seatrade magazine and China correspondent for Supply Chain Asia. His work has also appeared in The Economist, The New York Times, The Sunday Times and The International Herald Tribune.

Related Posts

2 Comments

  1. Maritime cybersecurity firm: 37% of Microsoft servers on ships vulnerable to ... - Maritime Security World | Maritime Security World
    May 5, 2015 at 10:15 am

    […] as the hacker community operates on decidedly short timeframes,” CyberKeel CEO Lars Jensen told Splash24/7. “As an example, it took less than 12 hours from the point where Microsoft released the […]

  2. A Week in Security (May 03 – May 09) | Malwarebytes Unpacked
    May 11, 2015 at 12:52 pm

    […] Lack of Patching Leaves Maritime Sites Open to Remote Control Risk. “CyberKeel, which focuses on cyber security in the maritime sector, has warned a number of important shipping websites could be taken over easily by hackers.” (Source: Splash 24/7) […]