Surge in Maritime Cyber Attacks Reported

June 15, 2020

Maritime and offshore energy companies are facing a number of new challenges brought on by the coronavirus pandemic. One of these is an increase in cyber security threats, reports Naval Dome, who says there's been a 400% increase in attempted cyber attacks in these sectors since February 2020.

While an increase in malware, ransomware and phishing emails exploiting the COVID-19 crisis is the primary reason behind the spike, cyber security specialist Naval Dome says travel restrictions, social distancing measures and economic recession are reducing companies’ abilities to sufficiently protect themselves.

“COVID-19 social restrictions and border closures have forced OEMs, technicians and vendors to connect standalone systems to the internet in order to service them,” says Naval Dome CEO Itai Sela.

The global crisis and social distancing measures are preventing OEM technicians flying out to ships and rigs to upgrade and service critical OT systems, resulting in operators circumventing established security protocols, leaving them open to attack.

“As budgets are cut and in the absence of service engineers, we are seeing ship and offshore rig staff connecting their OT systems to shoreside networks, at the behest of OEMs, for brief periods of time to carry out diagnostics and upload software updates and patches themselves,” Sela explains.

“This means that their IT and OT systems are no longer segregated and individual endpoints, critical systems and components may be susceptible. Some of these are legacy systems which have no security update patches and are even more susceptible to cyber attack.

“The increase in OEM personnel working remotely on home networks and personal PCs, which are not well protected, adds to the problem.”

Sela says that during the first three months of 2020, attacks targeting home workers increased tenfold, adding that PC security software provider McAfee has reported that that between January and April cloud-based cyber-attached on all businesses increase by 630%.

He adds that the economic downturn and the drop in the price of crude oil is also having an effect, with oil companies and contractors being faced with limited budgets available to implement effective cyber security measures.

“Companies are stretched thin, and this is benefitting the hacker,” Sela says.

“It is not sufficient to protect only networks from attack,” Sela says. “Each individual system must be protected. If networks are penetrated, then all connected systems will be infected.

“Our philosophy is that all systems must be protected using a risk ranking. If it is, then the entire platform is protected from both internal and external attack vectors. If only the network is protected, then whatever enters the net (such as an unintentional attack from authorized personnel) will infect all connected systems. This philosophy is more cost-effective.”

Ido Ben-Moshe, Vice President Business Development, says the problem is particularly acute in the marine and offshore oil and gas sectors. “If hackers penetrate networks, and critical equipment is exposed there could be significant safety, downtime, financial and potential reputational damage.

Ben-Moshe adds that remote working and the introduction of remotely controlled, autonomous technologies is likely to take place at a faster pace in a post-coronavirus world.

“This will see companies face new cyber security challenges if they fail to implement adequate protective measures,” he says.