The Cyber Risk Against Danish Maritime Sector

Ships, shipowners, equipment suppliers, and ports all use sophisticated IT and OT systems increasingly. Cyber-attacks against these systems could potentially disrupt operations and damage business. At worst, cyber-attacks against ships, shipowners, and ports may affect physical safety. Therefore industry security leaders must adopt new robust cyber security practices to the sector. A few days ago, I reviewed a report mapping the growing cyber threat against the “blue-Denmark”, which consists of shipping companies, equipment suppliers, maritime authorities, ports, etc.  The analysis describes the current threat landscape and operates with a warning horizon of next year. But it should be an urgent “wake-up call” for the sector as described in the analysis below:

Source: Opora connected shipping suppliers threat report – www.opora.io

The Role of Denmark Maritime Sector

Denmark is the world’s fifth-largest shipping nation measured in operated tonnage. More than 700 merchant ships operate under the Danish flag, and close to 2,000 ships are operated from Denmark. In addition, Blue Denmark comprises several globally cutting-edge and often high-tech equipment suppliers. Shipping ties Denmark together and provides connections to her neighboring countries. Denmark has more than 50 domestic and 15 external ferry routes. With more than 100,000 port calls each year, and more than 70,000 ships a year navigate the Danish straits, making Danish waters some of the busiest in the world.

Multiple Types of Cyber Crime pose an increasing Threat

Economically motivated criminals hack private companies and public authorities across  Denmark maritime companies. The report observed that criminal hackers groups launch dedicated campaigns against the Danish maritime industry or specialize in attacks on the industry. The threat is primarily directed at regular business systems such as non-sector-specific administrative systems. However, attacks may also affect or spread to operational systems and, at worst, affect the operation of the systems.

  • Advanced targeted ransomware attacks have become common – hackers use considerable time and resources to select and encrypt vital parts of compromised victim networks. Once the systems are locked, hackers often demand ransom equivalent of several million Danish kroner to unlock them. Since late 2019, hackers behind targeted ransomware attacks have started threatening to leak sensitive data stolen from infected systems unless a ransom is paid. Lately, we recognized a new trend of hackers willing to encrypt OT systems onboard ships and at ports – shutting down the business operation. These attacks are typically distributed via phishing campaigns.
  • BEC -Bussiness Email Compromised –  Growing threats emanate both from fraudsters targeting companies across the sector and from groups specializing in targeting the maritime industry.
  • Exploiting Computing Power – Compromising computers and connected digital OT devices to exploit their computing power for crypto miners

 Cyber Espionage by nation-level hackers

The state’s motive for espionage against the maritime industry can be divided into two main categories. Firstly, states spy to promote their industries and economy. Secondly advantage and to gain access to information that is the states to obtain relevant information in a security policy context, ranging from overall strategic information to information relevant to military planning. The threat is particularly targeted at high-tech equipment suppliers, maritime authorities, large international shipping companies, and ports and port terminals that are part of the critical infrastructure in Denmark and abroad.

Connected Eco-system as stepping stones

Suppliers and partners to key public authorities and private companies are becoming victims of cyber espionage attempts without being the main target themselves. Hackers attack organizations to use them as a stepping stone to compromise customers and partners that may be of interest to foreign states. Some sub-suppliers or partners may not hold knowledge of interest to foreign states. However, they may have access or credibility that hackers exploit to compromise their intended targets. Maritime equipment suppliers are as mentioned particularly exposed to cyber espionage. Hackers use compromised equipment suppliers as stepping stones to launch destructive cyber attacks on OT systems onboard ships. It can for example be attacks disguised as legitimate system updates. In my opinion, Denmark authorities should join forces with industry leaders to execute pre-emptive mitigation actions and take control back to their security.