Cyber maritime security – threats and countermeasures
ASSESSING EMERGING THREATS TO MARITIME SECURITY AND INVESTIGATION OF TRIGGERS FOR THREATS TO MARITIME SECURITY WITH A FOCUS ON CYBER SECURITY
According to a study presented by researchers from Google, Chainalysis, UC San Diego and the NYU Tandon School of Engineering, ransomware victims paid more than $25 million in ransoms over the preceding two years. To build a comprehensive picture of the ransomware ecosystem, the researchers traced those payments through the Bitcoin blockchain, starting from payment addresses tied to known ransomware samples. The study was presented at the Black Hat security conference.
In recent years, ransomware has become an almost unavoidable security threat. Once it infects a machine, the program encrypts local files so that they can only be recovered with a decryption key held by the attackers, who then demand thousands of dollars in bitcoin for that key. It is a destructive but profitable attack, and it has proven particularly popular among cybercriminals. A particularly vicious ransomware attack crippled the computers at San Francisco’s largest public radio station in the summer of 2017, forcing producers to rely on mechanical stopwatches and paper scripts to get their shows on the air.
The researchers tracked 34 different families of ransomware, with a few major strains accounting for the majority of the money extorted. The data show that a strain known as Locky was the patient zero of the recent epidemic: payments jumped sharply when it first appeared in early 2016, and in the period since it has generated more than $7 million in payments from victims.
(Brandom, 2017)
Brandom, R. (2017). Google study finds that ransomware victims have paid out more than $25 million. The Verge [online]. Available at: https://www.theverge.com/2017/7/25/16023920/ransomware-statistics-locky-cerber-google-research (Accessed 26 July 2017).
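The tracing described above rests on a few simple graph operations over the public ledger: sum payments into addresses taken from ransom notes, group addresses that are spent together (the common-input-ownership heuristic), and follow the funds forward to the points where the operators cash out. The following Python is an added example, not code from the paper or from the Google/Chainalysis study; the ledger, addresses, family labels and prices are all constructed, and the transaction format (txid, day, input addresses, output addresses with amounts) is an assumed simplification of real Bitcoin transactions.

```python
"""Trace ransom payments across a toy blockchain ledger.

Constructed example: every address, amount and price below is made up; none
of it is data from the Google/Chainalysis study or any real blockchain.
"""
from collections import defaultdict, deque

# Assumed simplified transaction: (txid, day, [input addrs], [(output addr, btc)])
LEDGER = [
    ("tx0", 0, ["victimZ"], [("locky_other", 0.40)]),    # ransom note never seen
    ("tx1", 1, ["victimA"], [("locky_pay_1", 0.50)]),
    ("tx2", 1, ["victimB"], [("locky_pay_2", 0.50)]),
    ("tx3", 2, ["victimC"], [("cerber_pay_1", 1.00)]),
    # Operator sweeps three payment addresses in one transaction:
    ("tx4", 3, ["locky_pay_1", "locky_pay_2", "locky_other"], [("locky_wallet", 1.39)]),
    ("tx5", 4, ["cerber_pay_1"], [("exchange_dep", 0.99)]),
    ("tx6", 5, ["locky_wallet"], [("exchange_dep", 1.38)]),
    ("tx7", 2, ["shopper"], [("merchant", 0.10)]),        # unrelated traffic
]

# Seed addresses copied from ransom notes of known samples, labelled by family.
SEEDS = {"locky_pay_1": "Locky", "locky_pay_2": "Locky", "cerber_pay_1": "Cerber"}

# Assumed USD/BTC price on each day, used to value a payment when it was made.
PRICE_USD = {0: 900.0, 1: 1000.0, 2: 1100.0, 3: 1200.0, 4: 1200.0, 5: 1300.0}


def payments_by_family(ledger, labels, price):
    """USD value of payments into labelled addresses, valued on the payment day."""
    totals = defaultdict(float)
    for _, day, _, outputs in ledger:
        for addr, btc in outputs:
            if addr in labels:
                totals[labels[addr]] += btc * price[day]
    return dict(totals)


def cluster_by_co_spend(ledger, seeds):
    """Common-input-ownership heuristic: addresses spent together in one
    transaction are controlled by the same key holder, so unlabelled inputs
    inherit the label of their co-spent, labelled siblings. Iterates until
    no new label is assigned. Returns addr -> family."""
    owner = dict(seeds)
    changed = True
    while changed:
        changed = False
        for _, _, inputs, _ in ledger:
            known = {owner[a] for a in inputs if a in owner}
            if len(known) == 1:            # ambiguous if two families co-spend
                label = known.pop()
                for a in inputs:
                    if a not in owner:
                        owner[a] = label
                        changed = True
    return owner


def follow_funds(ledger, start_addrs):
    """Forward trace: follow the outputs of every transaction that spends from
    an address we already hold, returning the set of downstream addresses."""
    seen = set(start_addrs)
    reached = set()
    queue = deque(start_addrs)
    while queue:
        addr = queue.popleft()
        for _, _, inputs, outputs in ledger:
            if addr in inputs:
                for out_addr, _ in outputs:
                    if out_addr not in seen:
                        seen.add(out_addr)
                        reached.add(out_addr)
                        queue.append(out_addr)
    return reached


def shared_cashout(ledger, seeds):
    """Downstream addresses reached by more than one family: a hint that the
    operators use the same cash-out service, e.g. one exchange deposit address."""
    reached_by = defaultdict(set)
    for addr, family in seeds.items():
        for down in follow_funds(ledger, [addr]):
            reached_by[down].add(family)
    return {a: fams for a, fams in reached_by.items() if len(fams) > 1}


if __name__ == "__main__":
    print("seed-only totals:", payments_by_family(LEDGER, SEEDS, PRICE_USD))
    expanded = cluster_by_co_spend(LEDGER, SEEDS)
    print("clustered totals:", payments_by_family(LEDGER, expanded, PRICE_USD))
    print("shared cash-out:", shared_cashout(LEDGER, SEEDS))
```

Valuing each payment at the price on its own day is what makes the dollar totals stable; revaluing the whole sum at today's price, as the WannaCry figures discussed later do, makes the number drift with the market. The co-spend heuristic is also the point where tracing most often goes wrong: a mixing service or exchange that co-spends many customers' coins would merge unrelated owners into one cluster, so a real analysis stops clustering at known service addresses.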
The WannaCry ransomware attack
On 12 May 2017, the world awoke to one of the most extensive cyber-attacks on information technology systems and networks in history. With the attack carried out by the ‘WannaCry’ crypto-worm, the term “ransomware” entered the common jargon of the information technology community and became a reality to be faced. It is estimated that WannaCry (Brenner, 2017) infected more than 200,000 computers in more than 150 countries. Since most businesses and organizations only became aware of the attack in the early morning hours of Monday, 15 May 2017, the ransomware had unfettered access to global corporate, business and financial networks over the weekend, allowing it to spread more quickly and effectively.
Figure 1: The spread of the WannaCry ransomware as of 17 May 2017 (Durden, 2017)
WannaCry spread by means of EternalBlue, an exploit for a vulnerability in the SMBv1 file-sharing protocol implementation in Microsoft Windows (MS17-010). Although it was initially believed to affect mainly PCs running Windows XP, it later emerged that other Windows versions were also infected; in fact, nearly 98 percent of infected systems were running Windows 7 (Brandom, 2017). Microsoft had already patched the vulnerability for supported versions of Windows in March 2017 (Microsoft, 2017); the attack prompted it to issue an emergency patch for the unsupported Windows XP as well (Warren, 2017), which it released within two days of the outbreak. Only hours after the attack began, a security researcher accidentally discovered a kill switch (Willgress and Walker, 2017): the malware checked whether a particular unregistered domain could be reached, and registering that domain caused new copies to exit before encrypting or spreading, which halted the outbreak.
WannaCry attacked a machine in three stages (Brenner, 2017). It began with remote code execution through the SMB vulnerability, which gave the malware system-level privileges on the compromised computer. The second stage unpacked and executed the ransomware payload, which hijacked the computer; once it had finished encrypting the computer’s documents, it displayed the now-famous ransom note. In the third stage the worm component scanned for other machines with exposed SMB services, both on the local network and on the internet, and infected them in turn. What distinguished WannaCry was that this spread required no human intervention. There was also no guarantee that the attackers could decrypt the files even after payment, because of technical flaws in how payments were matched to victims, so paying did not guarantee that systems would be unlocked (Symantec Official Blog, 2017).
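Because the worm stage needs no human action, its network footprint is the earliest place a defender can catch it: one host suddenly opening TCP/445 connections to many peers, including internet addresses that a normal client would never talk to over SMB. The detection below is an added example written for this page, not code from the paper or from any vendor; the firewall log format, the sample records, the 10.0.0.0/8 internal range and the thresholds are all constructed assumptions.

```python
"""Flag hosts that fan out to many SMB (TCP/445) peers in a short window,
the network footprint of a self-propagating worm such as WannaCry.

Added example. The log line format and the sample records are constructed,
not taken from any real incident.
"""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed key=value firewall/NetFlow-style record format.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"proto=(?P<proto>\w+)"
)

# Constructed sample: 10.0.0.5 behaves like a worm, touching several internal
# hosts and three internet hosts on 445 within seconds. 10.0.0.9 is a normal
# client talking to one file server.
SAMPLE_LOG = """\
2017-05-12T10:00:01 src=10.0.0.5 dst=10.0.0.7 dport=445 proto=tcp
2017-05-12T10:00:02 src=10.0.0.5 dst=10.0.0.8 dport=445 proto=tcp
2017-05-12T10:00:03 src=10.0.0.5 dst=10.0.0.12 dport=445 proto=tcp
2017-05-12T10:00:04 src=10.0.0.5 dst=10.0.0.13 dport=445 proto=tcp
2017-05-12T10:00:05 src=10.0.0.5 dst=10.0.0.20 dport=445 proto=tcp
2017-05-12T10:00:06 src=10.0.0.5 dst=198.51.100.23 dport=445 proto=tcp
2017-05-12T10:00:07 src=10.0.0.5 dst=203.0.113.77 dport=445 proto=tcp
2017-05-12T10:00:08 src=10.0.0.5 dst=192.0.2.9 dport=445 proto=tcp
2017-05-12T10:00:09 src=10.0.0.9 dst=10.0.0.50 dport=445 proto=tcp
2017-05-12T10:00:10 src=10.0.0.9 dst=10.0.0.50 dport=445 proto=tcp
2017-05-12T10:00:11 src=10.0.0.9 dst=10.0.0.50 dport=443 proto=tcp
2017-05-12T10:05:00 src=10.0.0.5 dst=10.0.0.99 dport=445 proto=tcp
"""

# Assumed internal address space; adjust to the site's own ranges.
INTERNAL = [ipaddress.ip_network("10.0.0.0/8")]


def parse(lines):
    """Yield (timestamp, src, dst, dport, proto) for each well-formed record."""
    for line in lines.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield (datetime.fromisoformat(m["ts"]), m["src"], m["dst"],
                   int(m["dport"]), m["proto"])


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL)


def smb_fanout_alerts(lines, window=timedelta(seconds=60), min_peers=5,
                      min_external=1):
    """Return {src: (max_distinct_peers_in_window, external_peers)} for every
    source that either reaches at least `min_peers` distinct hosts on TCP/445
    inside one `window`, or talks SMB to at least `min_external` internet
    hosts at any time (ordinary clients have no reason to do the latter)."""
    by_src = defaultdict(list)
    for ts, src, dst, dport, proto in parse(lines):
        if proto == "tcp" and dport == 445:
            by_src[src].append((ts, dst))

    alerts = {}
    for src, events in by_src.items():
        events.sort()
        max_peers = 0
        start = 0
        for end in range(len(events)):          # sliding window over time
            while events[end][0] - events[start][0] > window:
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            max_peers = max(max_peers, len(peers))
        external = {dst for _, dst in events if not is_internal(dst)}
        if max_peers >= min_peers or len(external) >= min_external:
            alerts[src] = (max_peers, len(external))
    return alerts


if __name__ == "__main__":
    for src, (peers, ext) in smb_fanout_alerts(SAMPLE_LOG).items():
        print(f"ALERT {src}: {peers} SMB peers in 60s, {ext} external")
```

The same fan-out pattern is produced by legitimate vulnerability scanners, patch management servers and backup hosts, so in practice those sources are allow-listed before the rule goes live; the external-SMB condition, by contrast, is rarely legitimate and is also the cheapest control to enforce, by simply blocking outbound 445 at the perimeter.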
Not everyone paid the ransom demanded. The ransom was to be paid in bitcoin to one of three hardcoded addresses. While approximately $50,000 (Lynch, 2017) in ransom was received in the first three days, by 26 July the total had reached only $144,967 (Twitter, 2017). This figure also fluctuates with the market price of Bitcoin. Furthermore, as Figure 3 below shows, no withdrawals had been made from the addresses, most likely because the attackers knew that governments and security agencies would be watching them.
Figure 3: Ransom collected by WannaCry (Twitter, 2017)
As of 2 August 2017, a total of $142,361.51 (the dollar figure varies with the price of Bitcoin) had been withdrawn, which represents the entire ransom collected in the ‘WannaCry’ attack. In short, while the attackers are estimated to have caused billions of dollars in losses, by some estimates they earned less than a dollar for each infected computer. The attack demonstrated that even major corporations and organizations with the financial and human resources to protect their networks and systems are still unaware of the seriousness of such threats and of the devastation they can wreak on their infrastructure.
http://www.reuters.com/article/us-cyber-attack-maersk-idUSKBN19I1NO
The Petya malware attack
The Petya malware attack struck Ukraine while the world was still grappling with the aftermath of WannaCry, and Ukraine, which had also been hit hard by WannaCry, was its epicenter (Polityuk and Prentice, 2017). Although it followed immediately after WannaCry and exploited the same SMB vulnerability (alongside other means of spreading), this attack was fundamentally different in nature. As Figure 4 below shows, it was primarily targeted at Ukraine (We Live Security, 2017), and although it displayed a ransom note, it overwrote the disk’s master boot record and encrypted the file system’s master file table in a way that left no path to recovery, so in effect it wiped the computers’ disks rather than holding them to ransom. Experts therefore concluded that while the malware’s stated goal was extortion, its real goal was to bring Ukraine’s government and institutions to a grinding halt (Kramer, 2017). The Chernobyl Nuclear Power Plant was among the victims: its automated radiation monitoring system was shut down by the attack and staff had to fall back on manual monitoring.
Figure 4: The spread of the Petya malware attack (We Live Security, 2017)
As an illustration, Maersk, the world’s largest container shipping company, which carries around 15 percent of the world’s seaborne trade, was also hit by the Petya attack, which disrupted both operations at many of its 76 port terminals in 59 countries and its business operations and bookings ( ). Maersk, one of the industry’s leaders, had recently adopted a digitisation strategy for all of its business operations. Several ports were closed because terminal staff could not identify who was shipping what and therefore could not load or unload the containers in question. It took Maersk nearly a week ( ) to restore all of its information technology operations.
The Maritime Industry Faces a Cyber-Based Threat
The link between the attacks described above and the threat to maritime security may be difficult to see at first. To grasp it, consider that to a hacker or a jihadi, a computer on a merchant vessel or in a port facility is no different from any other PC in a government or corporate office: it sits behind the same obstacles, such as firewalls, and its value to him is determined solely by the ransom it can fetch or the destruction or damage it can cause. Recent events such as the WannaCry and Petya attacks show that cyber-attacks are growing in scale, and that the motives of the attackers range from ransom (which they may be willing to forgo) to economic and governmental meltdown. Given the growing capabilities of both cyber criminals and state or non-state actors, how long will it be before they turn to the maritime industry?
With only a handful of cyber-attacks reported in the last few years, the maritime industry has so far remained relatively unscathed by the storm of cyber-attacks sweeping the globe, even as ransomware victims overall paid more than $25 million in ransoms in the last two years (Brandom, 2017). Consider the potential devastation if a merchant ship were taken over in the Suez Canal: it could disrupt the international sea lanes and the supply chain network that carry 90 percent of all international trade. Reuters predicted as early as 2014 that as more oil rigs, port facilities, containers and merchant vessels connected to the internet, they would be exposed to attack (Wagstaff, 2014), and described how in one instance an oil rig had been hacked and made to tilt, and another infected with malware, rendering them unusable.
In a high-profile case that began in 2011 and lasted more than two years, drugs were shipped into Antwerp hidden in containers of bananas (Freeman, 2013). Hackers hired by the traffickers broke into the port’s container management system, located the containers carrying the drugs, and had them collected before the real owners could retrieve them (Bateman, 2013). When the breach was discovered and a firewall installed, the hackers physically broke into the premises and installed wireless bridges to give themselves direct access to the system again. By the time the case was solved in 2013, it was unclear how much had been shipped; the only firm figure is the drugs seized at the end of the investigation, worth £260 million.
What Makes it Susceptible to Attack?
Automation
The preparedness of the industry to address the cyber threat is discussed in greater detail in later sections. At this point, however, while both the International Maritime Organization (IMO) and the Baltic and International Maritime Council (BIMCO) have issued guidelines ( ), the question remains whether they are sufficient to counter the current risks. The IMO and BIMCO have linked cyber security to the existing International Safety Management (ISM) Code, with the IMO requiring cyber risks to be addressed in ships’ safety management systems only from 2021, which diminishes the urgency needed to combat the cyber threat ( ).
Members of the Unmanned Cargo Ship Alliance who are currently active