France-based network solutions provider Marlink has said that cyber threat activity was on the rise. It was also evolving rapidly, the company warned.
Marlink operates a cybersecurity centre that covers the operations of 1,800 vessels. The company said that during the past six months the centre had observed a significant rise in malicious activity compared with the first half of 2023. This had included 79 so-called major incidents across the managed fleet.
In one way, “old is best”. The cyber-security landscape goes for the weakest link in security – human beings. It was still dominated by phishing attacks, in which a company employee is tricked into revealing login information. However, cyber-crooks have been using cleverer techniques when it comes to fooling even the most security-conscious employees.
Marlink said that it had seen a marked increase in the use of “reverse proxy phishing”, which is a method of stealing login credentials without alerting the employee that anything has happened. A reverse proxy phishing attack does not involve the attacker having to create a fake version of a legitimate website. What the criminal does instead is create a proxy in between the user and the real website. That way the information is gleaned en route to the real web site. The user never knows that the login information has been “wire-tapped”.
Various options are available to the cyber-criminals once they have found a way in to the secure web site. Command & control software enables the criminals to impersonate a legitimate user. Persistent remote access software allows the criminal to watch and steal data over time, without making any changes at all. Gradually over the months a valuable data set can be built up.
The second major option, and the one which can cause the most public damage, is a ransomware attack. Marlink said that it had identified nine ransomware gangs that were currently active in targeting maritime. They included BlackCat, PLAY, Black Basta and BianLian.
Marlink warned that “ransomware remained one of the primary threats to maritime targets in the first half of the year, as it significantly disrupts operations and causes considerable economic damage. Attacks have paralyzed critical systems, delayed shipments, and compromised logistics, resulting in operational downtime and costly ransom demands. This combination of operational impact and financial loss makes ransomware remain a major concern for the maritime industry”.
Nicolas Furgé, President Digital, Marlink, said that “malicious actors” were evolving their attack patterns and launching fraudulent campaigns that bypassed “previously effective security controls, such as two-factor authentication, forcing us to react and raise the security level to ensure operations are safeguarded”.