On Monday, July 8, the Coast Guard issued a Marine Safety Alert claiming a vessel was struck by malware back in February. The craft is described as a 'deep draft' vessel on an international voyage which was struck by a "significant cyber attack" on its way to the Port of New York and New Jersey. 

Fortunately, the crew avoiding losing total control of the ship. An investigation into the incident found that while the malware significantly degraded the functionality of the vessel's computer system, essential control systems were not impacted. Regardless, the investigation found the vessel had been operating without effective cybersecurity measures in place, exposing critical control systems to significant vulnerabilities

The nature of the attack has not been revealed, but the crew admitted to knowing about the security risk to the ship's network before the attack occurred. While most crew members claim to not have used the network for personal business, it only takes one to expose the entire network. Members did, however, admit to regularly plugging USB drives into the ship's systems without scanning them for malware. 

This incident follows a Marine Safety Information Bulletin published in May which warned of cyber adversaries targeting commercial vessels. In the memo, officials warn of email phishing and malware intrusion attempts in an attempt to snoop on arrival schedules and cripple vessel control systems. 

This incident should serve as a wake-up call to vessels operating without proper security controls in place. To prevent such an attack, operators must segment the used networks, install and continuously update AV software, and avoid using external media, or scan it for malware prior to introducing to any vessel network.

Organizations must also ensure all known vulnerabilities are identified and mitigated within your infrastructure before they are exploited. NNT's Vulnerability Tracker helps organizations identify known vulnerabilities by continuously testing and assessing your IT network and any device connected to it against thousands of Network Vulnerability Tests (NVTs). 

Learn more about Vulnerability Tracker by viewing our Solution Brief 

 

 

 

 

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
1175 Peachtree St NE
Atlanta, Georgia, 30361.
Portland
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire
AL5 2JD

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.