U.S. Coast Guard Warns of Cyberattacks Targeting Merchant Ships
The U.S. Coast Guard warns that unidentified hackers have recently attempted to gain access to ship electronic systems in order to steal sensitive business information and disrupt shipboard computer systems.
According to the Coast Guard, cyber adversaries are attempting to gain sensitive information from shipboard systems, including the contents of an official Notice of Arrival, using email addresses that pose as an official Port State Control authority (for example, port @ pscgov.org). These so-called "phishing" attacks have been documented before in the maritime sector, especially in business-to-business transactions between shoreside stakeholders. The Coast Guards urges vessel operators to verify the validity of the email sender prior to responding to unsolicited email messages. If there is uncertainty regarding the legitimacy of the email request, the vessel or its representatives should try contacting the PSC authority directly by using verified contact information.
Additionally, the Coast Guard has received reports of malicious software designed to disrupt shipboard computer systems. The USCG is aware of these incidents because vessel masters have reported suspicious activity to the Coast Guard National Response Center (NRC), thereby enabling federal agencies to understand and address cyber threats in the maritime sector. By federal regulation, American vessels must report cyberattacks and suspicious activity to the NRC.
Phishing attacks are a longstanding problem in the maritime sector: cyber criminals send legitimate-looking correspondence to solicit payments, defrauding the ship operator or other stakeholder by getting them to wire money to the wrong account. In 2014, marine insurer Skuld drew attention to a case in which a scammer pretended to be the Suez Canal Authority and emailed vessels to ask for detailed and confidential information. The scammer would then ask for the settlement of fake invoices, defrauding the vessel operator.
Skuld warned that the risks from this form of cyberattack could extend well beyond monetary losses. If a malicious actor obtained sensitive information about a vessel's itinerary, schedule and operations, it could compromise the vessel's security and make it more vulnerable to a physical attack like armed robbery or hijacking.