Email is the number one attack vector used by hackers to get access to your company’s confidential data, and email attacks such as phishing are only on the rise.
Developments in the maritime email world and the connectivity between ship and shore continue to bring significant gains for fleet management, efficiency, and crew welfare, but they also increase the vulnerability of critical systems on board vessels to cyber attacks. This puts maritime teams in a vulnerable position whereby hackers can gain access to ship systems, halt communication methods, and damage the overall reputation of the company.
According to a survey conducted in 2019 by Allianz, cyber security was ranked as the second-highest risk for the shipping industry, only behind natural disasters. Maritime teams and their crews must be aware of what they can do to minimize any risks as end-users. Hackers are more likely to target end-users than attempt to get through onboard security systems, simply because they prey on the human factor.
Beware of the Following Cyber Attack Techniques:
- Emails as Government Announcements
We’ve recently noticed an increase in cybercriminals using emails disguised as government announcements that provide false links in an attempt to collect credentials. These fraudulent emails may even include logos and other imagery associated with various maritime administrations and organizations that look legitimate.
- Operational or Industry Disruption Notices
Over the last year, we’ve seen disruptions and operational issues throughout every industry, and especially in the shipping industry. Cybercriminals have started taking advantage of this by creating fraudulent emails with things like “COVID-19 Company Update” in the subject line and including malicious attachments designed to harvest sensitive data.
- Hidden Malware
Over the years, cybercriminals have only become more sophisticated and skilled at deceiving recipients through cyber attacks. We have seen a rise in malicious emails directing recipients to educational and other related websites riddled with malware.
- Fake invoices
Large amounts of money change hands in the maritime industry, which allows attackers to get big payouts if they are able to redirect any of these payments. We see attackers inserting themselves into an email thread and changing information in the thread. This could be changing the bank account number on an invoice or in an email to an account controlled by the attacker.
Important Steps for Email Security
There are things you can do to secure your email setup and make it harder for attackers. Here are a few important steps.
- Implement email protocol protections
SPF and DMARC are important technologies that prevent attackers from impersonating your business emails. This allows you to ensure that emails that appear to be sent from you are actually sent from your servers. Nordic IT can help you configure this and we will have more details in a future blog post.
- Filter attachments
Make sure your email gateway filters out unwanted attachments. Microsoft Office files with macros are very commonly used for initial attacks. We highly recommend that you do not allow these into your network and that you make sure to change any business process that relies on these.
- Remove unwanted emails
If you find an email with malicious content, it is important to get it removed as soon as possible. This is especially true in working-from-home scenarios, where you may not easily be able to reach everybody in your team. reMARK has the ability to remove emails from across your entire reMARK system in one action. This allows you to ensure that nobody inadvertently clicks the email, as you can remove it from all mailboxes.
- Be skeptical
If you do see something that is out of place, make sure you don’t click any links or attachments, but that you report it to your IT team, so that they can take appropriate action.
- Patch all of your systems quickly
If someone on your team should click something that they should not have, you should make sure the impact of this is limited as much as possible. Ensuring that all of your systems are always up to date is an important step in limiting the blast radius of any attack.
- Verify important information out of band
Make sure you verify important information like bank account numbers or similar via a different form of communication than email. If an attacker is able to change the content of an email conversation, they may also be able to respond to your enquiries if you find something suspicious. Call the other party on the phone and check if the email content is correct.