Marlink: Stronger policy and user awareness against cyber threats
Marlink’s Group Security Operations Center has published its global maritime cyber threat report finding a need for stronger enforcement of software policies, better endpoint control, and user awareness on vessels.
Evolution of cyber threats during
According to the report, the second half of 2024 (H2) saw an evolution in cyber threats, as malicious actors adopted increasingly efficient, structured, and business-like approaches to cybercrime. Cybercriminals streamlined their tactics, enhanced their operational efficiency, and adopted emerging technologies to expand their attack capabilities.
Adoption of generative artificial intelligence in cybercrime
One of the most significant developments has been the increase in the adoption of generative artificial intelligence (genAI). Off-the-shelf large language models (LLMs) have become a critical tool for adversaries, allowing them to accelerate malware development, automate phishing campaigns, and refine social engineering tactics. This has led to a surge in AI-assisted cyberattacks. Some actors have leveraged genAI to assist in developing malicious scripts and exploits designed to specifically target CVEs (known cyber security vulnerabilities).

Unprecedented speed of cyberattacks
The speed of attacks has also reached unprecedented levels. The average breakout time—the period it takes for an adversary to move laterally within a network—has been significantly reduced, now taking less than an hour in most incidents, with some cases occurring in under a minute. This rapid movement highlights the critical need for real-time threat detection and response measures.
Growth of organised cybercriminal ecosystems and access brokers
Additionally, the cybercriminal ecosystem has become more organised, with access brokers thriving. The sale of network access has doubled in the past year, as cybercriminals increasingly turned to access broker services to gain entry into corporate environments. This shift coincides with a decline in traditional phishing-based initial access, as attackers favour alternative infiltration methods, such as social engineering via telephone-based exploitation (vishing) and abuse of remote monitoring and management (RMM) tools.
Shift towards hands-on-keyboard techniques
Also, in H2 an overwhelming number of observed attacks did not rely on malware, marking a shift towards hands-on-keyboard techniques. Cybercriminals have increasingly mimicked legitimate user behaviour to evade detection, engaging in interactive intrusions that blend seamlessly with normal network activity.
Exploitation of publicly available vulnerability research
Furthermore, attackers have continued to exploit publicly available vulnerability research, targeting weaknesses in cloud environments and peripheral network devices, including OT systems. Exploiting identity-based vulnerabilities has become a primary attack vector, with adversaries leveraging compromised credentials and trusted relationships to move deeper into systems.
Key takeaway
In the six-month period to December 2024, Marlink’s global SOC network monitored 1,998 vessels and recorded:
- 9 billion security events
- 39 billion firewall events
- 718,000 alerts generated
- 10,700 malware incidents detected
- 50 major incidents managed
These figures reflect a sharply growing cyber threat landscape in which attackers are becoming more agile, innovative and business-like in their operations. The data highlights a need for stronger enforcement of software policies, better endpoint control, and user awareness on vessels. Addressing these foundational issues will significantly reduce risk and improve operational resilience.
Recommendations
- Enforce strict software usage policies and block unauthorised applications.
- Deploy application control or whitelisting on onboard systems.
- Conduct regular vulnerability assessments and audits for endpoint hygiene.
- Educate crew and technical teams on safe software practices and the risks of cracks and unofficial tools.
Forecasting the evolution of cyberattacks in 2025
Looking ahead to 2025, the cyber security landscape is expected to become increasingly complex and challenging. Cybercriminals will continue to refine their tactics, leveraging emerging technologies and exploiting new vulnerabilities. Based on current trends and technological advancements, cyberattacks are likely to evolve in the following directions:
- AI-Powered cyberattacks: Cybercriminals will leverage AI to automate and optimise their attacks, creating more sophisticated phishing campaigns, developing malware that can adapt to evade detection, and even using AI-driven social engineering to manipulate victims more effectively.
- Increased targeting of IoT and OT Systems: More attacks aimed at disrupting IoT and OT infrastructure, and industrial control systems, are expected. These attacks could have severe real-world consequences, including operational shutdowns and safety risks.
- Expansion of Ransomware-as-a-Service (RaaS): Ransomware attacks will continue to grow, with the RaaS model becoming even more prevalent. We may see more cybercriminal groups offering ransomware tools and services to less technically skilled attackers, leading to a surge in ransomware incidents. Additionally, attackers are likely to adopt more aggressive tactics, such as double extortion (stealing data before encrypting it) and targeting critical infrastructure.
- Exploitation of 5G vulnerabilities: Cybercriminals may exploit vulnerabilities in 5G infrastructure to launch large-scale Distributed Denial of Service (DDoS) attacks, intercept communications, or compromise connected devices.
- Deepfakes and disinformation campaigns: Deepfake technology will become a powerful tool for cybercriminals in 2025. Attackers may use deepfakes to impersonate executives, manipulate stock markets, or spread disinformation.
- Focus on supply chain attacks: Supply chain attacks, where attackers target third-party vendors to compromise larger organisations, will become more sophisticated in 2025. Cybercriminals will exploit weak links in the supply chain to infiltrate networks, steal intellectual property, or disrupt operations.
H2 2024 saw a marked evolution in cyber threats, as malicious actors adopted increasingly efficient, structured, and business-like approaches to cybercrime, putting additional pressure on the maritime industry. Looking ahead to 2025, the cyber security landscape is expected to become increasingly complex and challenging, increasing the pressure on users to improve protection of assets and people.
… said Nicolas Furge, President, Marlink Cyber.