Phishing at sea

Malaysia flag

The maritime industry is becoming increasingly aware of the threat which it faces from cyber risk. Discussion of this issue often focuses on dramatic scenarios such as the possibility of “electronic piracy” through the remote capture of a ship’s navigational systems. Other areas of concern have included the vulnerability of cargo handling systems which in the past have been subject to attack by groups ranging from Somali pirates to the Mafia.

Recent news from Malaysia is a reminder of the vulnerability of the maritime industry to more mundane cyber-attacks. It has been reported that a bunker company in Malaysia was the victim of cyber criminals who stole more than US$1 million from the business. It appeared that the attackers were able to install spyware on the target’s computer and read email exchanges between the company and its supplier. They then created a fake email purportedly from the supplier requesting payment of monies to a bank in the US. The victim only became aware of the attack when the real supplier contacted it for payment.

The attack highlights again the importance of proper training of staff to make them aware of the dangers of this kind of attack and some of the simple defensive measure that may be taken to reduce the risks of an attack succeeding.

Simon Cooper