Ship operators warned over malware targeting shipping in spear-phishing attacks

US Coast Guard issues alert over rise in cyber attacks targeting commercial vessels

The US Coast Guard has issued a safety alert to warn mariners about the risk of malware targeting the computer systems of commercial vessels.

In the past three months, the Coast Guard has issued two official warnings to highlight problems with the cyber-security practices of commercial ships.

The first security alert [PDF] came in May, warning mariners and ship owners about a spear-phishing campaign that aimed to spread malware to ships. The emails, which specifically targeted ship operators, purported to come from the official account of the US Port State Control authority.

The Coast Guard has now issued a second alert [PDF] revealing details of a cyber-security incident that occurred in February this year and affected a deep-draft ship bound for the East Coast.

The ship was traveling into the Port of New York when its operators noticed issues in the shipboard network. A joint investigation led by the Coast Guard revealed that a malware attack had significantly degraded the functionality of the ship's computer systems, although its essential controls were not impacted.

"Nevertheless, the interagency response [team] found that the vessel was operating without effective cybersecurity measures in place, exposing critical vessel control systems to significant vulnerabilities," the Coast Guard said in its report.

According to this report, the ship's network was primarily used for official tasks, including managing cargo data, updating electronic charts, and communicating with pilots, facilities, agents and the Coast Guard.

This cyber-security incident is not the first instance of a malware attack targeting a commercial vessel. The 2018 edition of the 'ICS Guidelines on Cyber Security Onboard Ships' describes two separate incidents in which malware was unintentionally introduced to a ship's computer systems.

In one incident, the electronic power management system of the ship was affected, while in another the ship's network was compromised.

Also in 2018, the Department of Homeland Security, the FBI, and the Coast Guard investigated a ransomware attack that targeted the Port of San Diego and disrupted the commercial shipping operation.

Considering the severity of the issue, the US Coast Guard has advised all vessel operators, facility owners, and other responsible parties to take appropriate steps to mitigate the risk of malware attacks on commercial vessels.