As maritime systems become more connected through IoT devices, satellite communications, and remote access solutions, they also become more vulnerable to cyber attacks. The more interconnected these systems are, the larger the attack surface for cybercriminals. Cyber attacks targeting maritime transport continue to grow; according to Naval Dome, the number increased 400% in 2020.
Let’s look at some attacks over the last few years:
Rotterdam, June 2017: Ransomware Attack
On 30 June 2017, the port of Rotterdam was infected with ransomware.
Two container terminals had to completely shut down their operations because of the attack. The port had invested heavily in automating its operations to evolve into a Smart Port, which involved incorporating IoT and AI into its systems. As a result, the interconnectivity between IT and OT increased, leaving the port susceptible to cyber attacks.
The Municipality of Rotterdam, the police, and the port authorities came together to rectify the issue. They appointed a Port Cyber Resilience Officer to enhance the port’s cyber-resilience, improve organizational training, educate stakeholders on cybersecurity issues, and ensure better risk control.
Long Beach, 2018: Ransomware Hit
A year after the attack on the port of Rotterdam, cyber attacks had a domino effect on several international ports. The first hit was on the port of Long Beach in the US, followed by the port of Barcelona. Just one week later, San Diego was a victim, followed by Vancouver.
All the ports hit by ransomware had one thing in common: vulnerabilities in their IT systems were easy to exploit, and attackers could enter the OT environments through those weak points, which resulted in disruptions to port operations. The ports could not recognise that their IT systems were compromised, which allowed the attackers to move laterally within the network and shut down operations.
Shahid Rajaee, May 2020: An Attack Amidst Geopolitical Conflict
The port of Shahid Rajaee in Iran was attacked in May 2020, and the attack disrupted almost all of its operational processes. It caused chaos on the waterways and roads that lead to the facility by creating massive backups. The attackers did this by taking control of the systems that regulated the flow of vessels, trucks, and goods and crashing them altogether. The exact cause was not known, but the US government deduced this attack to be the result of a cyberwar between Iran and Israel.
South Africa, July 2021: Four Ports, One Attack
Four major ports in South Africa (Cape Town, Ngqura, Port Elizabeth, and Durban) were left in disarray in July 2021. This cyber attack happened after a huge attack on the country’s main freight manager, the Transnet National Port Authority. Reuters reported the attack as “force majeure”, which infected the ports’ computer systems, just like a ransomware attack.
Transnet and the national authorities were working on building a Smart Port program and experimenting with the city of Durban when this attack occurred.
Houston, August 2021: Exploiting Weak Authentication
In August 2021, the port of Houston defended against an attack that happened due to a critical flaw in a password management solution. Attackers exploited this software flaw, known as CVE-2021-40539, and implanted web shells in the organization’s information system, which gave them access to carry out various actions including extracting critical data and injecting malware.
Some cyber defenses that were in place helped counter the threat before it could cause serious damage.
These are just some examples of cyber attacks on ports. Maritime industries deal with valuable data, including sensitive cargo information, vessel routes, and communication logs. This data is valuable to cybercriminals for various purposes, such as financial gain through ransomware attacks or espionage. Therefore, it is crucial to safeguard devices on ports that can serve as entry points for attackers. MicroSec’s solutions for maritime enable ports and vessels to gain visibility into the network, identify unknown devices within the network, and respond to threats to mitigate potential attacks.
Source: https://www.stormshield.com/news/cybermaretique-a-short-history-of-cyberattacks-against-ports/