Marlink: Most common cyber security threats in shipping

Marlink has released the latest global maritime cyber security threat report produced by its Security Operations Centre (SOC).

The report, based on data gathered during the first half of 2024 demonstrates the changing tactics of cyber criminals, who are increasingly attempting to bypass previously effective security controls using new tools. In the first half (H1) of 2024, the Threat Intelligence team within Marlink’s Security Operations Centre has observed the following activities carried out by malicious actors:

Phishing

Malicious actors send fraudulent e-mails or messages to trick individuals into revealing sensitive information like passwords or financial details. Phishing attack trends include HTM/HTML documents with embedded links and QR codes to credential harvesting login landing pages hosted on difficult-to-block infrastructure (e.g., Microsoft), as well as typosquatted and BEC senders. Phishing tactics include the use of open redirects and reverse proxies.

RelatedNews

Inspections of the ship’s store list intensify in Argentina

Watch: American Club’s animation on fire hazards

Commodity Malware

Widely available malware is typically sold or distributed for common use by cybercriminals and is often used in large-scale, automated attacks. For example, Agent Tesla is a phishing payload used for information theft.

DDoS

Attacks involve multiple systems overwhelming a target server or network with excessive traffic, causing it to become unavailable to users, especially affecting port infrastructure and maritime transportation companies.

Typosquat Domains and DMARC

Domains mimic legitimate websites by using slight misspellings, aimed at tricking users into visiting them to steal information or distribute malware. Maritime organizations have been spoofed by different domains.

Password Spraying

A type of brute-force attack where attackers try a few commonly used passwords across many accounts to avoid detection and gain unauthorized access. VPN gateway user accounts have been widely exploited by trying common passwords.

Scanning and Probes

Systematic examinations of systems or networks for vulnerabilities or open ports to exploit by attackers include application server protection violation attempts, SSH failed authorization attempts, SQL scanning, vulnerability scanning, and firewall probing.

Key strategies for strengthening your cyber security defences

Vigilance and proactive measures are essential

Regular training, strong e-mail security, and advanced detection systems play a vital role in reducing the risk of phishing, spam, and other malicious activities.

Timely incident response is crucial

SOC teams must remain vigilant and respond to alerts in real time to minimize potential damage. Automated response mechanisms can be implemented to reduce manual intervention and speed up threat containment.

Continuous improvement of security posture

As threat actors evolve, so must security defences. Continuous monitoring, updating blacklists, improving detection systems, and refining incident response processes are essential in staying ahead of the threat landscape.