Cyber consultants Red Sky Alliance, together with maritime security specialists Dryad Global, have started publishing a weekly list of ship names appearing in malicious emails, as hackers increasingly target this niche with malware or phishing links.
The weekly reports come at a time when maritime organisations are coming under increasingly sophisticated attacks. The charity International Seafarers’ Welfare & Assistance Network (ISWAN) is the latest organisation to suffer at the hands of hackers, reporting today that emails are being sent out with subject lines asking for the recipient’s opinion on seafarers’ welfare and containing a malware link (see Tweet below).
ATTENTION: If you receive this fraudulent e-mail or one which looks similar, please delete it and do not click on the link. It has not been sent out by ISWAN. Please e-mail us at firstname.lastname@example.org if you have any concerns. pic.twitter.com/GKBNg3X7R8
— ISWAN (@iswan_org) February 25, 2020
Red Sky Alliance has been carrying out weekly queries of backend databases, identifying all new data containing Motor Vessel (MV) and Motor Tanker (MT) in the subject line of malicious emails.
“Email subject line Motor Vessel (MV) or Motor Tanker (MT) keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments,” Dryad Global explained in a note to clients.
The new weekly list shows vessels being impersonated with associated malicious emails.
“The identified emails attempted to deliver malware or phishing links to compromise the vessels and/or parent companies. Users should be aware of the subject lines used and the email addresses that are attempting to deliver the messages,” Dryad Global advised.
The collection in the image at the bottom of this report from Dryad Global shows malicious actors using vessel names to try to spoof companies in the maritime supply chain. This week, a large percentage of these malicious emails attempted to deliver the Trojan malware Wacatac, with the D variant showing up for the first time.
Hackers impersonating Maersk ships have also been picked up this month by the Red Sky Alliance. Maersk was subject to one of shipping’s most infamous hacks a couple of years ago.
“These analyses illustrate how opening any infected email could cause a recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware,” Dryad Global noted in its advisory to clients, warning that malicious hackers are developing new techniques daily to evade current detection.
A report from PwC last month on maritime cyber security noted: “As the industry becomes increasingly interconnected, stakeholders need a plan for responding to cyber incidents in a proportionate and appropriate way. Additionally, from design to operation and their use of third parties, security due diligence should be at the forefront of board’s agendas when acquiring new businesses, systems or software in order to minimise the impact of allowing threat actors to compromise or disrupt their critical services.”
Ken Munro, from cyber security firm Pen Test Partners, writing on the company’s blog page last week, warned: “Hackers will come to every industry, starting with those with the weakest security. Why develop hugely costly nation-state grade malware to hack a bank when you can exploit Windows XP systems in shipping and generate similar returns?”