The average shipping company will suffer a cyber attack every five days, driven by indiscriminate “spray and pray” attacks by cyber criminals casting their net wide to make money, according to a new report.
DNV Cyber, the cyber security division of classification society DNV, said an average company will see 65 to 80 cases a year of breaches, suspicious activity or identified threats from insiders that could potentially knock out systems and force vessels out of action.
Daniel Ng, the chief executive of DNV-owned cyber security company CyberOwl, said that many of the companies targeted might believe they had not been attacked as they replaced computers knocked out by malware without understanding the nature of the problem.
The maritime sector has been accused of long neglecting the threat from cyber attacks, in part based on a belief that vessels were less vulnerable to attack because of limited connectivity.
With at least 42,000 ships now connected to satellite services, the “air gap” that once protected vessels has closed, the DNV report said. The survey of nearly 500 industry professionals found that the rate of attacks was increasing rapidly.
Nearly one in three respondents reported at least one infiltration by cyber attackers in the 12 months to October 2024, compared to 17% the previous year. The vast majority of attacks are not directed at shipping but the industry has been caught up in trawling attempts by criminals to make money.
Ng said about 1% of the attacks were written in a way to target individual vessels linked to geopolitical hot spots, predominantly involving Russia and the Middle East.
“In the last 12 months, what we’ve seen is that if you’re an Israeli shipowner there have been more attempts, though not necessarily successful attempts,” Ng told reporters at the launch of the new report, Maritime Cyber Priority.
Explosive cargo
He said the company had not seen any impact on Israeli-linked ships from a cyber attack but “the more explosive the cargo in general, the more attempts”.
Far more common are attacks involving ransomware, which locks up computers unless the user pays money, usually in Bitcoin, to the cyber-criminal.
Ransomware attackers across all industries collected some $1bn in cryptocurrency payments in 2023, said the report.
But the nature of systems on a ship means that ransomware might not work as the attackers intended and might merely cause the systems to break down, without the failure being recognised as a cyber breach, said Ng.
The cost of the attacks could be high. The report cited the case of one identified cruise ship that returned to port after losing onboard systems, with costs running to $210m.
“Shipping, at this stage, is still lucky enough that it’s not being a specifically targeted sector yet,” said Ng.
The report highlighted key vulnerabilities in the maritime sector, including the continued widespread use of USB sticks.
In July, devices containing malware were found plugged into computers on vessels in Norway, Greece and the Netherlands, in an attempt to gain remote access to onboard systems.
Chinese hackers were believed to be behind the spread of the infected USB sticks that may have been handed out at maritime events, Norwegian broadcaster NRK reported.
The report said that the same malware code was found in multiple locations onboard vessels across various sites over several months.
In a separate case, the same USB stick used at one port spread espionage-linked malware to eight vessels, according to the report.
Spreading virus
“A threat starts on one ship or terminal and can quickly spread across multiple fleets,” said Ng.
The DNV survey revealed that 61% of the professionals were prepared to accept the risk of cyber attacks if it allowed for increased digitalisation and new technologies.
The report indicated that the industry’s tolerance for risk was significantly higher than that of other sectors surveyed, including energy and healthcare.
While a majority were prepared to accept that risk, the survey also found that even more, 76%, believed that cyber-security training within their companies was not advanced enough to tackle the most sophisticated attackers.
Svante Einarsson, head of maritime cyber security at DNV Cyber, said: “Organisations may feel they are prepared as more resources are being deployed to manage cyber risk, but the reality is more complex than that.”
“Businesses have a sophisticated adversary to contend with, which complicates the picture significantly.”