The Norwegian National Security Authority (NSM) has warned of an increase in the number of cyber campaigns targeting several different sectors since June this year and states that both the maritime sector and the oil and gas sector have been victims of such targeted attacks.
The campaigns have used social engineering techniques in emails and in personal messages through social media, primarily LinkedIn but also WhatsApp and Facebook Messenger, to install malware on the user’s computer; gather information about the user, their employer or other users connected to them; and further spread the campaigns.
While the scope of these campaigns and the subsequent incidents are reportedly global, “companies in the United States of America, Europe, and the Middle East have been the main targets”, says the NSM. It also establishes that the threat actors have demonstrated high ability and capacity to conduct their operations.
Echoing the warning about this cyber threat, the Norwegian Maritime Authority (NMA) stressed in a statement earlier this month: “Especially shipowners that operate in ISPS/MARSEC level two areas or higher should be aware of the situation.”
The NMA has issued recommendations to its members in the wake of this growing hacker threat. The advice includes ensuring networks are segmented: there should be no physical connection between the administrative and operative parts of the network. NSM also suggested using encrypted communication where possible, including between ships and land-based infrastructure, and being careful with documents that suggest enabling macros in Word, Excel or PowerPoint.
NSM said shipping companies need to be very wary of messages with links and attachments in social media, as this is the new target arena identified by Norwegian authorities.
Norwegian P&I club Gard has recommended ship operators and seafarers report all suspicious activity and breaches of security to their flag administrations and/or national security authorities, as this will support their work to monitor ongoing cyber threats and risks.
In a note to members, Gard also reminded ship operators that cyber risks must be appropriately addressed in ships’ existing safety management systems, as defined in the ISM Code, no later than the first annual ISM audit after January 1 2021.