WCB#4-Ransomware Attack on Maritime software
Weekly Recap
From credential stuffing attacks to ransomware attacks, this week in Cyber saw a plethora of eye-catching stories. Some of these stories include:
Mailchimp being the victim of a data breach - The email marketing company was hit by a data breach caused by a social engineering attack on its employees. The unknown threat actor gained employee credentials through an alleged phishing attack. I find it ironic that a company that prides itself on email marketing would be the victim of such an attack, but this shows just how simple yet dangerous phishing attacks can be.
New Hook malware targeting banks has surfaced - This Android malware is geared towards accessing sensitive data in financial apps and can create a remote interactive session on the device. With this, an attacker is essentially able to perform a Device Take Over (DTO) and capture a user's call logs, two-factor authentication tokens and other important data.
Russia-linked drug marketplace hacked by its rival - Solaris, an infamous drug marketplace, was recently attacked by Kraken, another notorious drug marketplace. Kraken was able to gain control of Solaris's infrastructure, GitHub repository and project source code. A vulnerability previously exposed and exploited by Ukrainian cyber expert Alex Holden appears to have been the starting point of this attack on Solaris.
For this week's main story, I chose to focus on the ransomware attack on maritime software that impacted around 1,000 ships. The Norway-based maritime giant DNV (Det Norske Veritas), whose name translates roughly to "The Norwegian Truth", had some of its servers taken offline in response to the attack. The software that was impacted is called 'ShipManager' and it is used by ship owners and managers to monitor different aspects of their fleets. It aids managers and ship owners by increasing efficiency and reducing operational expenditure (opex). ShipManager is made up of a variety of modules such as shipping data analytics, hull integrity management and others (see the DNV ShipManager page in the Resources below). DNV has stated that hundreds of companies use the software; around 70 of them were affected, along with roughly 1,000 ships managed by those companies.
Summary of Attack
What is a ransomware attack, you may ask?
Ransomware is malware that extorts individuals or companies by blocking their access to their own data, threatening to publish that data, or both. It typically encrypts the data and coerces the victim into paying a ransom within a set timeframe. If the ransom is not paid, or not paid in time, the victim risks losing the data permanently or having it exposed to the general public. Paying does not guarantee that a working decryptor is delivered either, which is why tested offline backups matter so much.
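One consequence of the "encrypts the data" step is observable from the defender's side: ciphertext has near-maximal byte entropy, so a sudden rise in the share of high-entropy files across a file tree is one heuristic defenders use to spot encryption in progress. The script below is an added example, not code from the original post or from DNV; it assumes a threshold of 7.5 bits per byte and builds a constructed sample fleet-data directory in a temporary folder (plain CSV files next to files a hypothetical ransomware has encrypted and renamed with a '.locked' extension), then scans it and reports which files look encrypted:

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Assumed threshold: ciphertext sits close to the 8.0 bits/byte maximum,
# while ordinary text, CSV and XML sit far below it.
ENTROPY_THRESHOLD = 7.5
MIN_SIZE = 256  # tiny files give unreliable entropy estimates; skip them


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes, threshold: float = ENTROPY_THRESHOLD) -> bool:
    """Heuristic: a file of at least MIN_SIZE bytes with near-maximal entropy."""
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= threshold


def scan_tree(root: Path, threshold: float = ENTROPY_THRESHOLD) -> dict:
    """Walk a directory tree and report files whose contents look encrypted.

    Returns the file count, the flagged paths (relative to root) and the
    flagged fraction; a jump in that fraction against a known-good baseline
    is the signal worth alerting on, not any single file.
    """
    flagged = []
    total = 0
    for path in sorted(root.rglob("*")):
        if not path.is_file():
            continue
        total += 1
        if looks_encrypted(path.read_bytes(), threshold):
            flagged.append(str(path.relative_to(root)))
    ratio = len(flagged) / total if total else 0.0
    return {"total": total, "flagged": flagged, "ratio": ratio}


def build_sample_tree(root: Path) -> None:
    """Constructed sample data (not real DNV data): plain fleet CSV files,
    files a hypothetical ransomware has encrypted and renamed '.locked',
    and a ransom note."""
    fleet = root / "fleet"
    fleet.mkdir()
    row = "MV Example,0000000,9.2,OK\n"
    for i in range(3):
        (fleet / f"hull_report_{i}.csv").write_text(
            "vessel,imo,draft_m,hull_status\n" + row * 40)
    for i in range(4):
        # os.urandom stands in for ciphertext: statistically indistinguishable
        (fleet / f"voyage_{i}.xml.locked").write_bytes(os.urandom(4096))
    (fleet / "README_RESTORE.txt").write_text(
        "Your files have been encrypted. Contact us within 72 hours.\n" * 10)


def demo() -> dict:
    """Build the constructed tree in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return scan_tree(root)


if __name__ == "__main__":
    result = demo()
    print(f"{len(result['flagged'])}/{result['total']} files look encrypted "
          f"({result['ratio']:.0%})")
    for name in result["flagged"]:
        print("  ", name)
```

Entropy alone is a noisy signal: compressed and already-encrypted formats (zip, jpeg, pdf, password-protected archives) legitimately score near 8.0, so in practice this check is run against a baseline for the same tree, combined with signals such as mass renames to one new extension and ransom-note files, and it never replaces offline backups.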
The current lack of information on how this ransomware attack originated leaves one to wonder which attack vector the threat actor used. Was it a phishing email, or was it smishing? Until more is revealed, I am unable to detail the specifics of the attack, but I will discuss how and why I think the attack vector was social engineering, which includes phishing, smishing, vishing and other methods.
Why I found this story interesting
In cybersecurity, it is always interesting to observe how an attacker needs to be successful only once to cause damage to another entity. In this case, one ransomware attack caused significant losses to maritime companies. What is interesting to me, however, is that no official news has been shared on why the attack occurred and how the attackers were able to pull it off. My guess would be that a simple method such as phishing, smishing or even vishing was used on an employee. More on these terms can be found here. Since it can be a huge dent in the company's image, I believe the company chose to keep the details confidential until a later date. To be fair, however, the company, together with the authorities, announced that they are still investigating the situation.
Possible Implications
Loss of revenue
Loss of trust
Sensitive Data Exposure
Extended downtime of systems
Possible Solutions
Heightened security awareness & training
Implementing a least-privilege policy
Backup and file management
Strong passwords and enabling multi-factor authentication
Conclusion
Despite the attack on various maritime companies, DNV did well in advising affected companies promptly about the situation. This gave the companies time to inform the relevant authorities and implement measures to mitigate the damage. The outages, luckily, did not affect DNV's other services and no vessels were harmed during this attack. This attack shows that no industry is safe from cybercrime. More investment in resources and awareness is needed across all essential industries, such as maritime, to prevent and mitigate such attacks.
Resources
Mascellino, A. (2023, January 19). Mailchimp hit by another data breach following employee hack. Infosecurity Magazine. Retrieved January 22, 2023, from https://www.infosecurity-magazine.com/news/mailchimp-hit-another-data-breach/
The Hacker News. (2023, January 21). Android users beware: New Hook malware with RAT capabilities emerges. Retrieved January 22, 2023, from https://thehackernews.com/2023/01/android-users-beware-new-hook-malware.html
The Record from Recorded Future News. (2023, January 19). Russia-linked drug marketplace Solaris hacked by its rival. Retrieved January 22, 2023, from https://therecord.media/russia-linked-drug-marketplace-solaris-hacked-by-its-rival/
DNV. (n.d.). Marine fleet management software: ShipManager. Retrieved January 22, 2023, from https://www.dnv.com/services/marine-fleet-management-software-and-ship-management-systems-shipmanager-114260
Written by
Kerwin
Cybersecurity Professional | Writer | Frontend Developer