What is Malware and how can it affect shipping companies?
Malware is malicious software intended to disrupt, destroy, or access a computer system without authorization. Viruses, worms, trojans, and spyware are all forms of malware. Such software can steal, encrypt, or erase private information, alter or hijack key computing functions, and track activity on the victim’s machine.
Malware attacks affect not only individual shipping firms but also ports, as demonstrated by the ransomware attack on the Port of San Diego last year. These attacks can be carried out using social engineering tactics such as phishing emails intended to get the user to click on a link, or by exploiting network security vulnerabilities, as in the case of the ransomware attack.
Malware attacks on individual ships are also likely. Ship networks are becoming more vulnerable as operational technology (OT) becomes more interconnected with information technology (IT) and connected to the internet. Malware can enter a ship’s infrastructure through insecure, obsolete, and unpatched software systems, or through the common use of unsecured flash drives and personal devices attached to ship computers, and then rapidly spread to shore-based networks where it can cause more harm.
How does malware work?
Every piece of malware follows the same basic pattern: either the user unintentionally downloads it, or the malware spreads by exploiting a weakness.
Malicious applications, for example, may be delivered to a device by USB drive or distributed over the internet via drive-by downloads, which run the software without the user’s permission. USB drives are especially common because the malware sits on external hardware rather than on the computer’s hard drive, which reduces the likelihood that antivirus software will detect it.
Malware also spreads through fraudulent websites and peer-to-peer file-sharing networks that claim to offer legitimate applications. Malware is mostly installed through pirated software programs.
Any malware, whether it steals personal information, records keystrokes, or mines bitcoin, poses a cybersecurity risk.
Examples of previous malware incidents
- CMA CGM, the French shipping company, has been targeted by a ransomware attack, bringing the total number of cyber-attacks against the world’s four largest maritime shipping firms in the last four years, since 2017.
- In 2017, the NotPetya ransomware/wiper took down APM-Maersk for weeks.
- Mediterranean Shipping Firm was struck by an unidentified ransomware strain in April 2020, which wiped out its data center for days.
- In July 2018, ransomware brought down COSCO for several weeks.
What are the different types of malware?
- Computer viruses: Viruses are a form of malware that replicates itself by altering other computer software and inserting its own code. When replication is successful, the machine becomes infected.
- Computer worms: Worms are self-replicating malicious programs with the primary goal of infecting other machines by duplicating themselves. Worms also spread by taking advantage of security flaws or a lack of network security.
- Trojan horses are malicious programs that deceive users by posing as a legitimate application.
- Rootkits are a form of malware that allows unauthorized access to a computer’s software or data. Since rootkits reside in the kernel, anti-malware software sometimes fails to detect them, and rootkit removal can necessitate hardware repair or special tools.
- Ransomware: Ransomware attacks prevent access to a computer system or its data unless a ransom is paid. Downtime, data leaks, intellectual property theft, and data breaches are all consequences of ransomware attacks.
- Keyloggers, also known as keystroke loggers or machine logging software, are malicious programs that track and record every keystroke typed on a computer keyboard. Keyloggers are often used to obtain access to personal information or login credentials.
- Grayware is a term for unauthorized programs or files that slow down a computer’s performance and pose a security risk.
- Adware is a kind of grayware that displays advertising on your computer, usually in the form of pop-ups in your web browser.
- Spyware collects information about an individual or a company without their knowledge and sends it to the attacker.
- Botnets initiate cyberattacks by infecting computers and remotely controlling them in real time. Botnets are a common way to conduct distributed denial-of-service (DDoS) attacks.
- Crimeware is a form of malware that automates online criminal activity. It is made to steal identities and financial records and sell them on the dark web, as well as to collect classified information.
- RAM scrapers collect data that has been temporarily stored in memory (RAM). They often target point-of-sale (POS) systems, such as cash registers, that temporarily store unencrypted credit card numbers before sending them to the back end.
- Rogue protection software deceives users into believing their device has a security flaw and convinces them to pay to get it fixed.
How to detect malware?
There are a few universal symptoms that may indicate the presence of malware on your device:
- Your system is working at a slower pace than usual: Malware could have taken over your device’s processing power if your computer unexpectedly slows down.
- You notice that there is not enough storage space: Many types of malware add extra files to the device, reducing the amount of storage available.
- Pop-ups and unwelcome programs appear on your computer: This is one of the most important signs that the system has been compromised.
- Your personal information has been compromised: Monitoring for data exposures on a routine basis will help you find out whether your data has been compromised by malware.
How to prevent malware infections
Based on IMO and NIST guidance, the following are some specific measures maritime businesses can take to reduce their risk of becoming infected by malware:
- Maintain the most recent versions of both applications and frameworks to ensure that all known bugs are addressed.
- Install and keep up-to-date anti-malware applications on your computers.
- Prepare and execute a robust information security policy in accordance with a recognized framework, such as the National Institute of Standards and Technology (NIST) standards.
- Back up all files on a daily basis.
- Use user roles to restrict access to network systems.
- To prevent unauthorized access, secure all networks and firewalls, including closing unused ports and securing routers.
- External media, such as USB drives and other equipment, should be monitored and limited in accordance with a stringent information security strategy that includes a “bring your own device” (BYOD) policy. Removable media should ideally only be used after it has been thoroughly scanned for malware.
- To minimize the risk of phishing attacks or visits to hacked websites, train staff on threat detection, such as how to detect phishing attacks and social engineering tactics, as well as on internet safety. There are a variety of educational software packages that can be used to evaluate the success of these training efforts.
- Create and implement a remote access program that covers both corporate and personal computers.
- Before downloading some device, make sure it is up to date.
- To limit any costs, consider buying sufficient cyber liability insurance.
Although no countermeasure can completely remove the possibility of malware infection, following these best practices can help reduce an organization’s overall exposure to a major danger to the maritime industry.
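One way to apply the removable-media measure above before a USB volume is used on a ship computer, as an added example rather than code from this article or from IMO or NIST: the check walks a mounted volume and flags autorun files, executables and scripts, double-extension names, and files whose SHA-256 is on a blocklist. The extension lists, the blocklist, and all file names are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumed policy lists for this example; tune them to your own media policy.
RISKY = {".exe", ".scr", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".ps1", ".dll"}
DECOY = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}

def sha256_of(path):
    """Hash a file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()

def inspect_media(root, blocklist=frozenset()):
    """Return (relative path, reason) findings for a mounted volume, sorted by path."""
    root = Path(root)
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        suffixes = [s.lower() for s in path.suffixes]
        if path.name.lower() == "autorun.inf":
            findings.append((rel, "autorun file"))
        if suffixes and suffixes[-1] in RISKY:
            decoy = len(suffixes) > 1 and suffixes[-2] in DECOY
            findings.append((rel, "double extension" if decoy else "executable or script"))
        if sha256_of(path) in blocklist:
            findings.append((rel, "hash on blocklist"))
    return findings

def media_allowed(root, blocklist=frozenset()):
    """Policy gate: release the media only if nothing was flagged."""
    return not inspect_media(root, blocklist)

def build_sample_media(root):
    """Constructed sample volume: harmless placeholder bytes, not real malware."""
    root = Path(root)
    (root / "docs").mkdir()
    (root / "docs" / "manifest.txt").write_bytes(b"cargo manifest")
    (root / "docs" / "invoice.pdf.exe").write_bytes(b"placeholder")
    (root / "autorun.inf").write_bytes(b"[autorun]")
    (root / "chart_update.bin").write_bytes(b"constructed blocklisted sample")
    return {sha256_of(root / "chart_update.bin")}  # stands in for a threat-intel feed

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in inspect_media(tmp, build_sample_media(tmp)):
            print(finding)
```

A clean result from a check like this is only a pre-filter; the anti-malware scan the policy calls for still applies.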
Since the NotPetya ransomware attack on Maersk, the industry has been brutally subjected to the effects of ransomware. Remember that 94 percent of all ransomware is sent by email, which means that your company’s protection rests with your end users. When constructing your cybersecurity layers, remember to inform and prepare your end users so that they are aware of the risks they will face and know what to do if an attempted attack lands in their inbox.
Malware today is designed to evade conventional protections. A comprehensive strategic approach to cybersecurity is needed to deter malicious software from targeting your onboard networks, computers, and records. Instead of being assigned to the ship security officer or the director of the IT department, a successful cyber risk management strategy should begin with senior management.