Maritime cybersecurity faces a new and highly unpredictable threat as scammers line up to exploit fears surrounding the Coronavirus at the same time as the industry moves to encourages remote working to minimise the spread of the pathogen.
“Shipping companies are looking into reconfiguring their shore-based operations in response to the spread of Coronavirus, but employees can expect to receive unsolicited messages geared to exploit their personal anxieties about the epidemic,” warns GTMaritime’s Jamie Jones, Operations Director. “As organisations ramp up physical hygiene, it is important they don’t take their eye off cyber-hygiene.”
Researchers at Sophos recently identified a trojan campaign specifically targeting Italian email addresses attempting to play on worries about the virus. The phishing email comes with an attached Word document that claims to contain advice on how to prevent infection – but is in fact a Visual Basic for Applications (VBA) script that drops a payload to steal confidential information.
More generally, scammers are setting up websites to sell bogus products, and using fake emails, texts and social media posts to seek out personal information or financial reward. Under cover of promoting awareness, offering prevention tips or providing fake information about cases local to the recipient, fraudsters can request donations for ‘victims’ or deliver malicious email attachments to spread malware or steal log-in credentials.
“On the one hand, IT professionals working at shipping companies are at an advantage as they are already familiar with the challenges of remote working – as nothing can be more remote than a ship in the middle of the ocean,” says Jamie. “On the other, they must monitor and contend with emerging risks across multiple territories rather than managing a response within a single country.”
GTMaritime recommends that shipping companies review their cyber response plans to ensure they can withstand the fresh threats emerging due to Coronavirus. “Companies should ensure that their IT infrastructure is as robust as it can be. GTMaritime offers a comprehensive suite of solutions and provides free phishing penetration tests to its customers to bolster defences against all threats including those leveraging Coronavirus to conduct financial fraud and disseminate malware,” adds Mike McNally, Global Commercial Director
In anticipation of a broader spread of COVID-19, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) has issued high-level guidance to help organisations plan for potential impacts – physical and virtual – to their workforce and operations. As well as reviewing business continuity plans for infrastructure, supply-chain and workforce impacts, CISA says all organisations should conduct recurrent assessments of preparedness. Above all, its advice envisages all machines having properly configured firewalls plus anti-malware and intrusion prevention software installed.
Advice for maritime IT professionals:
- Ensure VPNs and other remote access systems are fully patched
- Stress-test remote access solutions’ ability to cope with increased usage
- Ensure laptops issued to employees have firewalls, anti-malware and intrusion prevention software installed
- Switch on enhanced system monitoring to receive early detection and alerts on abnormal activity
- Ensure business continuity plans are up-to-date
- Update incident response plans to consider workforce changes in a distributed environment.
Advice for crew and shore-based employees:
- Don’t click on links from sources you don’t know and be extremely wary of attachments
- Disregard unsolicited emails claiming to be from official health agencies with new information about the virus
- Do not reveal personal or sensitive operational details in emails
- Ignore online offers for vaccinations, treatments or cures