The Top 5 Cyber Activities Targeting Maritime Industry

Wednesday, November 6, 2024

In the first half of 2024, the Threat Intelligence team within Marlink’s Security Operations Centre has observed several activities carried out by malicious actors targeting the maritime industry.

These activities include phishing, where malicious actors sending fraudulent e-mails or messages try to trick individuals into revealing sensitive information like passwords or financial details.

Phishing attack trends include HTM/HTML documents with embedded links and QR codes to credential harvesting login landing pages hosted on difficult-to-block infrastructure, and typosquat and BEC senders.

Also, commodity malware was used to target the sector, whereby widely available malware is typically sold or distributed for common use by cybercriminals, often used in large-scale, automated attacks.

DDoS attacks are also one of the malicious activities carried out by the attackers where multiple systems overwhelm a target server or network with excessive traffic, causing it to become unavailable to users, especially port infrastructure and maritime transportation companies.

Typosquat domains and DMARC were also used, were domains that mimic legitimate websites with slight misspellings are set up with the aim to trick users into visiting them to steal information or distribute malware.

Another technique used by cyber criminals is password spraying - a type of brute-force attack where attackers try a few commonly used passwords across many accounts to avoid detection and gain unauthorized access. VPN gateway user accounts have been widely exploited by trying common passwords.

If you are in New Orleans on November 13, 2024, sign up now for a free lunch and moderated conference discussion to learn more about the new United States Coast Guard (USCG) cyber security rules and their impact on the vessel owner/operators, OEMs and shipyards. Featured speakers include:

  • Rear Admiral Wayne R. Arguin Jr., Assistant Commandant for Prevention Policy (CG-5P), U.S. Coast Guard
  • Dain Detillier, Executive VP – LNG Operations, Harvey Gulf, LLC
  • Stewart Alpert, Chief Information Security Officer & Head of Technology, Hornblower Group
  • Angeliki Zisimatou, Director, Cybersecurity, American Bureau of Shipping
  • Phillip Bannerman, VP Sales Americas, Marlink
Categories: Technology Industry News Cyber Security Activity Conference

Related Stories

Eco Wave Power Gets Permit for Its First US Wave Energy Project

DNV, Seatrium Team Up for Innovation in Marine and Offshore

TechnipFMC to Supply Subsea Trees for Suriname’s First Oil and Gas Field

Current News

Danos Leaders Recognized in “40 Under 40” Lists

ExxonMobil to Drill for Gas Off Cyprus in January

Mocean Energy Raising Funds to Advance Wave Energy Tech

Seadrill’s Drillships Getting Ready to Start Work Off Brazil

Subscribe for OE Digital E‑News