Dryad Global and Red Sky Alliance’s report for the fourth week of February identified new phishing attacks containing motor vessel (MV) and motor tanker (MT) in the subject line of malicious emails
The report stated that “Email subject line MV or MT keyword usage is a common lure to entice users in the maritime industry to open emails containing malicious attachments" and noted that hackers are increasingly targeting this niche with phishing links.
The weekly list showed vessels being impersonated with the associated malicious emails. Dryad Global’s report showed attempts to use vessel names to try to lure companies in the maritime sector.
The report for the fourth week of February 2020 has seen a large percentage of these malicious emails attempting to deliver the Trojan malware Tiggre!rfn and Wacatac.
Tiggre!rfn is Trojan malware for Microsoft Windows that mines cryptocurrency off the user’s computer. Wacatac is an alias of the RedRum ransomware that is distributed through email spam.
The report for the third week of February lists attempts to impersonate a Maersk vessel among others. In 2017, Maersk was victim to a cyber-attack that crippled Maersk Group’s IT systems.
Dryad Global’s analysis illustrates “how opening any infected email could cause a recipient to become an infected member of the maritime supply chain and thus possibly infect victim vessels, port facilities and/or shore companies in the marine, agricultural, and other industries with additional malware.”
The report flags up other attempts to impersonate high profile senders including the WHO and China Shipping Bulk Co.
Shipping companies have begun to step up their efforts as cyber security emerges as a top priority. DNV GL and Wärtsilä have an MoU in place to collaborate on a range of digitalisation measures including cyber security.
Commenting on his company’s award of a cyber security notation last month, DNV GL’s chief executive for maritime Knut Ørbeck-Nilssen said “As ships become more connected, they are exposed to cyber risks.”