Marlink Sees Rise in Cyber Threat Activity
According to satcom provider Marlink, cyber threat activity is on the rise and is rapidly evolving as hackers find new ways to bypass security measures.
Marlink operates a cybersecurity center that covers the operations of 1,800 vessels around the globe. In the last six months, the center has observed a significant rise in malicious activity compared with the first half of 2023, including 79 "major incidents" across the managed fleet.
The threat landscape is still dominated by phishing attacks, which involve tricking a company employee into giving up login information so that the hacker can access a corporate network. The human factor remains the most frequently exploited vulnerability in the security chain, and advanced hackers are coming up with new ways to exploit unwary users. Marlink has seen a marked increase in the number of attacks that use "reverse proxy phishing," a method of stealing login credentials without alerting the employee that anything has happened. In a reverse proxy phishing attack, the attacker does not have to fraudulently recreate a fake version of a legitimate website. Instead, they create a proxy in between the user and the real website, and the user never knows that their login information is passing through the hands of a hacker.
Once an attacker has stolen login credentials through a fishing attack, they can move on to other ways of exploiting the system. This could be installing command & control software so that the corporate system can be misused remotely; enslaving the system into a botnet; or installing persistent remote access software that allows the hacker to watch and steal data over time.
In addition to threat actors who want to steal data, maritime operators have to watch out for ransomware groups, which have caused some of the most disruptive attacks in industry history. Marlink has identified nine ransomware gangs that are active in targeting maritime, including some of the biggest household names in this form of crime - BlackCat, PLAY, Black Basta and BianLian, among others.
"Ransomware remained one of the primary threats to maritime targets in the first half of the year, as it significantly disrupts operations and causes considerable economic damage. Attacks have paralyzed critical systems, delayed shipments, and compromised logistics, resulting in operational downtime and costly ransom demands," warned Marlink. "This combination of operational impact and financial loss makes ransomware remain a major concern for the maritime industry."
The best defense, according to Marlink, is to have a good security operations center (SOC) on your team to provide proactive monitoring.
"Malicious actors [are] evolving their attack patterns and launching fraudulent campaigns that bypass previously effective security controls, such as two-factor authentication, forcing us to react and raise the security level to ensure operations are safeguarded," explained Nicolas Furgé, President Digital, Marlink.