On Monday, July 8, the Coast Guard issued a Marine Safety Alert claiming a vessel was struck by malware back in February. The craft is described as a 'deep draft' vessel on an international voyage which was struck by a "significant cyber attack" on its way to the Port of New York and New Jersey. 

Fortunately, the crew avoiding losing total control of the ship. An investigation into the incident found that while the malware significantly degraded the functionality of the vessel's computer system, essential control systems were not impacted. Regardless, the investigation found the vessel had been operating without effective cybersecurity measures in place, exposing critical control systems to significant vulnerabilities

The nature of the attack has not been revealed, but the crew admitted to knowing about the security risk to the ship's network before the attack occurred. While most crew members claim to not have used the network for personal business, it only takes one to expose the entire network. Members did, however, admit to regularly plugging USB drives into the ship's systems without scanning them for malware. 

This incident follows a Marine Safety Information Bulletin published in May which warned of cyber adversaries targeting commercial vessels. In the memo, officials warn of email phishing and malware intrusion attempts in an attempt to snoop on arrival schedules and cripple vessel control systems. 

This incident should serve as a wake-up call to vessels operating without proper security controls in place. To prevent such an attack, operators must segment the used networks, install and continuously update AV software, and avoid using external media, or scan it for malware prior to introducing to any vessel network.

Organizations must also ensure all known vulnerabilities are identified and mitigated within your infrastructure before they are exploited. NNT's Vulnerability Tracker helps organizations identify known vulnerabilities by continuously testing and assessing your IT network and any device connected to it against thousands of Network Vulnerability Tests (NVTs). 

Learn more about Vulnerability Tracker by viewing our Solution Brief 

 

 

 

 

Contact Us

USA Offices

New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
USin[email protected]

 

UK Office

New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
 [email protected]

CIS benchmarking SEWP Cybersecurity 500 Infosec Security Winners 2018 Sans Institute Now Certified IBM Security
Copyright 2020, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.