Throughout the world, shipping is one of the most inexpensive and convenient transportation methods for manufacturers to send their products to customers and procure low cost raw material from suppliers. The World Shipping Council reported that there were over 680 physical pirate attacks on ships worldwide since 2014. However as ships and freight companies embrace advanced technologies, so-called “cyber pirates” are attacking the software systems of ships and the shipping companies remotely and causing far more damage than pirates who physically attacked the ships.
Increasingly, shipping companies are getting modernized for greater efficiency, incorporating the latest technology for better monitoring and control, faster data processing and automated systems. Global Position systems (GPS), Internet of Things (loT) and advanced control systems are widely used in ships. Using loT sensors, a freight company can monitor the location of the ship, maintenance problems, foresee any weather hazards which the ship is facing and get these updates in real time from the crew on board the ship.
However, the data is not transferred via a secure, encrypted network, leaving the entire system vulnerable to attack. Confidential, critical data can be misused by the hackers, and in some cases it can be manipulated. For example, in a major attack on Maersk in 2017 their payment and invoicing system was affected. The hackers modified text in the emails sent by the fuel suppliers to the shipping firm, changing the bank account into which fuel payment was to be transferred.
Millions of dollars were transferred to the hackers bank accounts before Maersk realized that their system had been breached. Maersk and others were also hit by an attack using “NotPetya” malware which held their systems hostage until a ransom was paid. Maersk operations at 76 ports worldwide were affected as their employees were forced to perform various tasks manually. These cyber-attacks cost Maersk approximately $300 million and highlighted the great risk posed by cyber pirates who damage shipping companies by exploiting loopholes in newer technology.
Many of the problems faced by the shipping companies are caused by rapid adoption of the latest technology before they’ve been properly vetted. Most software suppliers will release updates to their systems when a security flaw is detected, however, many of the freight company’s crew are not trained to update the software or firmware to the latest version available, increasing the risk of a cyber attack. In other cases, poor security practices like using easily guessed passwords like”1234″ lead to easy access for cyber pirates. According to an Internet Task Force, thousands of new versions of malicious malware are released daily, however many of the systems on ships do not have any anti-virus or anti-malware software installed.