Date: 2024-11-06

In the first half of 2024, the Threat Intelligence team within Marlink’s Security Operations Centre observed several activities carried out by malicious actors targeting the maritime industry.

These activities include phishing, in which malicious actors send fraudulent e-mails or messages to trick individuals into revealing sensitive information such as passwords or financial details.

Phishing attack trends include HTM/HTML documents with embedded links and QR codes that lead to credential-harvesting login landing pages hosted on difficult-to-block infrastructure, as well as typosquat and BEC senders.

Commodity malware was also used to target the sector. This is widely available malware that is typically sold or distributed for common use by cybercriminals and is often used in large-scale, automated attacks.

DDoS attacks are another of the malicious activities carried out by the attackers, especially against port infrastructure and maritime transportation companies. In a DDoS attack, multiple systems overwhelm a target server or network with excessive traffic, causing it to become unavailable to users.

Typosquat domains and DMARC were also used, where domains that mimic legitimate websites with slight misspellings are set up to trick users into visiting them, with the aim of stealing information or distributing malware.

Another technique used by cyber criminals is password spraying, a type of brute-force attack in which attackers try a few commonly used passwords across many accounts to avoid detection and gain unauthorized access. VPN gateway user accounts have been widely exploited by trying common passwords.
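
One way to spot the spraying pattern described above in VPN gateway authentication logs, as an added example that is not part of the original article: it flags a source that fails against many distinct accounts with only a few tries each, and lists which of those accounts also had a successful login from that source. The log format, field names, thresholds and sample lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; the log format itself is an assumption.
SAMPLE_LOG = """\
2024-05-02T08:00:01Z vpn-gw auth result=fail user=a.jones src=203.0.113.7
2024-05-02T08:02:10Z vpn-gw auth result=fail user=b.smith src=203.0.113.7
2024-05-02T08:03:30Z vpn-gw auth result=fail user=m.khan src=198.51.100.20
2024-05-02T08:03:41Z vpn-gw auth result=fail user=m.khan src=198.51.100.20
2024-05-02T08:03:55Z vpn-gw auth result=ok user=m.khan src=198.51.100.20
2024-05-02T08:04:15Z vpn-gw auth result=fail user=c.lee src=203.0.113.7
2024-05-02T08:06:40Z vpn-gw auth result=fail user=d.novak src=203.0.113.7
2024-05-02T08:08:05Z vpn-gw auth result=fail user=e.silva src=203.0.113.7
2024-05-02T08:41:00Z vpn-gw auth result=fail user=a.jones src=203.0.113.7
2024-05-02T08:43:20Z vpn-gw auth result=ok user=c.lee src=203.0.113.7
"""
LINE_RE = re.compile(r"^(\S+) vpn-gw auth result=(\w+) user=(\S+) src=(\S+)$")

def parse(log):
    """Return time-sorted (timestamp, result, user, source) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m.group(2), m.group(3), m.group(4)))
    return sorted(events)

def detect_spray(events, window=timedelta(minutes=30), min_users=5, max_per_user=3):
    """Map each spraying source to (accounts targeted, targeted accounts it logged in as)."""
    fails, oks = defaultdict(list), defaultdict(set)
    for ts, result, user, src in events:
        if result == "fail":
            fails[src].append((ts, user))
        elif result == "ok":
            oks[src].add(user)
    findings = {}
    for src, attempts in fails.items():
        start, best = 0, set()
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window start forward
            per_user = Counter(user for _, user in attempts[start:end + 1])
            if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
                best = max(best, set(per_user), key=len)
        if best:
            findings[src] = (sorted(best), sorted(oks[src] & best))
    return findings
```

A single user mistyping a password (the `m.khan` lines) is not flagged, because the rule keys on the number of distinct accounts per source rather than on the raw failure count.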

