01 Apr Will Cyber Pirates Attack Ships In Ever Given’s Wake?
Maritime security is a major concern for Ken Munro
Northport, N.Y. – Apr. 1, 2021
Have you ever played Battleship with a hacker? Unlike the harmless children’s game, this dangerous business of “hacking, tracking, stealing, and sinking ships” can quickly turn fatal. If shipping vessels don’t upgrade their cybersecurity soon, they may capsize.
“Criminals follow the money, and there’s money in shipping,” said Ken Munro — a penetration tester, security writer, speaker, and partner at Pen Test Partners — in a recent appearance on the Cybercrime Magazine podcast, reflecting on the dire need for improved maritime security.
Just last week, the world watched as $400 million per hour in goods was lost due to the unprecedented blocking of the Suez Canal by the Ever Given. The cargo ship is free now — but after six days, costs topped $1 billion and 400 following ships face lengthy delays.
“The Ever Given episode put into perspective just how large the losses can be when ships don’t do what they’re supposed to,” Munro told us. “In a short period of time, one simple incidence created billions of dollars in loss.”
Cybercrime Radio: Patrolling the seas with Ken Munro
Lessons learned from the aviation industry
And if we’re not careful, it’ll happen again. According to Munro, “the many opportunities for financial gain in the shipping industry” are going to become increasingly difficult for cybercriminals to resist.
After decades of “frighteningly expensive” satellite communication and connectivity costs, ships at sea are still catching up to our latest technologies — most of which are made possible by affordable services like Viasat. Unfortunately, though, cyber pirates have more technical experience, and consequently maintain an intimidating advantage.
In a matter of only three years, maritime cyberattacks increased by 900 percent. By the end of 2020, reported incidents reached record volumes.
Though daunting, these threats aren’t impossible to get ahead of. Munro’s most essential tip? Avoid default passwords at all costs.
“Looking back to early research on satellite terminals, shipping operators didn’t think to secure them,” he quipped. “They kept default passwords and other trivial vulnerabilities, making themselves an easy target.”
Despite security improvements made in recent years, “it’s still not that difficult to compromise a vessel,” Munro cautioned.
Perhaps maritime shipping should take a hint from aviation’s recent security investigations.
“Aviation’s a really interesting area for security right now,” Munro said. “It’s a shame that they were hit so hard by the coronavirus pandemic,” but with so many prematurely retired planes, security researchers have been able to find new technical vulnerabilities and bring them to manufacturers, resulting in increased security for air travel and shipping in the future.
“It’s a silver lining for researchers,” declared Munro. With these improvements, “security’s just getting that little bit better,” but it’s still vital to be prepared for an attack — after all, preparation is the best defense we have against ruthless cyber pirates.
To hear more about Munro’s career and his thoughts on the latest IoT vulnerabilities, listen to the full podcast episode here.
– Amanda Glassner is a staff writer and reporter at Cybercrime Magazine.