Maritime lawyer, Henry Clack of London’ HFW is confronting the rise of sophisticated cyberattacks targeting the global shipping industry, where criminal gangs employ “man-in-the-middle” scams and ransomware to hijack communications and extort millions, endangering maritime cybersecurity.
With 80% of world trade moving by sea, the average cost of responding to a maritime ransomware attack doubled to $550,000 in 2023 alone. Now, ransoms average $3.2 million, further endangering economic stability and physical safety at sea.
Faulty systems can cause delays, financial losses, and life-threatening exposures at sea. The rising tide of cyber-attacks illustrates how technological means made to modernize and facilitate trade have also initiated criminal opportunity.
Cyber Crime Costs Soaring in Shipping
Nigerian maritime cyber gangs are the cyber sea pirates mainly accused.
“Those organizations have conducted many high-value ‘man-in-the-middle’ scams over the last few years,” Clack says, having worked with them on many occasions.
Scammers hijack emails, act on behalf of both parties, and steal information or hold systems for ransom until companies comply. HFW shipping law indicates that between 2022 and 2023, the average cost of coping with an attack doubled to $550,000. Where recovery is not feasible, ransom payment averages $3.2 million.
“Cyber security is a major concern for the shipping industry, given how interconnected the world is. Shipping has been listed as one of the top 10 targets for cyber criminals globally,” says John Stawpert of the International Chamber of Shipping.
The Netherlands study shows that incidents increased from just 10 in 2021 to at least 64 in 2023. There are state sponsored, as well as some that are exclusively focused on extortion, adding to the expense of shipping industry ransomware threats.
Technology Risks and Defenses at Sea
Technology is at the root of the problem. Services like Starlink make ships more integrated, but also more routes through which to attack.
Older ships, most cargo ships approximately 22 years old, are quite frequently armed with older systems, which complicates shipping cyber risk management. More advanced threats like GPS spoofing can trick navigation systems. In May, MSC Antonia was stranded in the Red Sea due to a suspected case of spoofing.
“GPS spoofing means providing the navigation system with a false location, and that means that the ship takes a completely different route—it can even be physically harmed,” says Arik Diamant of Claroty.
Other vulnerabilities are sensor and emissions related, and these can expose networks to hackers. In response, the industry is adopting maritime anti-jam technology and updating defenses.
The International Maritime Organization has made more stringent maritime cyber security requirements mandatory in ship management systems from 2021, with provision ranging from basic protection to advanced IT defenses.
Specialists agree that maritime cybersecurity consciousness is increasing.
“There’s hugely increased awareness across the industry of cyberattacks and cybercrime,” Stawpert says.
It is now a challenge to prevent ships from being hacked before disruptions get out of control. However, Clack’s work allows him to have direct contact with offenders.
“When it does happen, it is usually more than not in ransomware ransom talks,” he explains. Communication is conducted in brief, typically couplets via messaging apps.
With the changes and challenges taking place within the shipping industry, one thing is sure: maritime cyber security is no longer an issue to be denied, it has become at the heart of protecting ships from hackers and keeping world commerce flowing from cargo ships to ports, and even as new regulations like electronic travel authorization reshape cross-border movement.
Inside Telecom provides you with an extensive list of content covering all aspects of the tech industry. Keep an eye on our Cybersecurity sections to stay informed and up-to-date with our daily articles.