Did You Know? Six Steps Cyber Attackers Take to Steal Maritime Data

© sdecoret / Adobe Stock
© sdecoret / Adobe Stock

Infostealers, a type of malware designed to steal sensitive information from an infected system, has marked significant rise in the first half of 2024 in the maritime domain, Marlink’s Security Operations Center (SOC) has reported.

The whole process involves six steps – starting from initial infection to the exploitation of acquired data, which can have serious consequences for the maritime industry, which relies heavily on interconnected systems and digital platforms.

The initial infection of the system occurs when a malicious file is downloaded by the victim after clicking on malvertising unwillingly while web browsing. Then, the payload executes the malicious code, using an automated script that avoids detection by security software.

The next step is the credential and data collection, when the infostealer searches the system for stored credentials and sensitive information (passwords, autofill data, cookies): web browsers, FTP clients, cryptocurrency wallets, and e-mail. The data exfiltration takes place by sending the encrypted stolen data to a remote command and control (C2) server controlled by the attacker.

The infostealer then installs persistence mechanisms to remain on the device and continue stealing information over time, as the attacker uses the stolen credentials for further attacks or selling the data on the dark web for profit.

The U.S. Coast Guard (USCG) plans to introduce new cyber security rules soon, which will have an impact on maritime and offshore energy industries.

If you are in New Orleans on November 13, 2024, sign up now for a free lunch and moderated conference discussion to learn more about the new USCG cyber security rules and their impact on the vessel owner/operators, OEMs and shipyards. Featured speakers include:

  • Rear Admiral Wayne R. Arguin Jr., Assistant Commandant for Prevention Policy (CG-5P), U.S. Coast Guard
  • Dain Detillier, Executive VP – LNG Operations, Harvey Gulf, LLC
  • Stewart Alpert, Chief Information Security Officer & Head of Technology, Hornblower Group
  • Angeliki Zisimatou, Director, Cybersecurity, American Bureau of Shipping
  • Phillip Bannerman, VP Sales Americas, Marlink

Current News

DeepOcean Lands Its Largest IMR Contract to Date for Equinor’s Norwegian Assets

DeepOcean Lands Its Largest IM

Equinor to Axe 250 Jobs as Part of Renewables Unit Streamlining

Equinor to Axe 250 Jobs as Par

Netherlands to Enlist Private Firms to Protect North Sea Assets from Russian Sabotage

Netherlands to Enlist Private

ONE Guyana FPSO to Depart for Yellowtail Field Early in 2025

ONE Guyana FPSO to Depart for

Subscribe for OE Digital E‑News

Offshore Engineer Magazine