Cyber Criminals Take to the Sea

So, here’s a cybersecurity story you don’t usually read about…

Pirates are most popularly known as a hook-handed, one-eyed swashbucklers with parrots on their shoulders continuously searching for treasure in the open seas. But the pirate of old has evolved to one who uses technology to attack cargo ships, holds their crews for ransom and plunders the goods on board.

Just as technology has evolved the processes of work in all industries, it has also brought about changes to piracy. Now, pirates don’t have to wait in the vast expanse of an ocean. They can simply gain access to a ship’s IT systems for information about its route, cargo and sailing times. All the information they need to gain access to a massive ship is now at their fingertips.

Gone are the days of plank walks and scurvy. Pirates are quickly becoming another version of cybercriminals with devastating physical consequences.

From Port to Port

Technology has streamlined the shipping business. Shipping companies keep records of sailing times, departure and destination locations, cargo manifests and staffing requirements usually on a content management system (CMS). While the CMS helps those running the logistics of shipping goods around the world, it is at risk of being hacked and then pirated.

Pirates, with even the most basic knowledge, can gain unauthorized access to the CMS and shipping company databases. Here, they collect the information about which cargo is on which ship and the ideal place to intercept a ship. They eliminate the time it takes to pilfer through the goods. They can stop the ship exactly where they are expecting it, get on board, hold the crew in a single location, take the cargo they want and depart to their next job. This method can take down exponentially more ships and pinpoints the most valuable contraband – an enormous advancement from the old ways of pirating.

Tracking Oceanic Crime

As these incidents become more wide-spread and common, some companies and experts are trying to catch up with the pirates. Fighting cybercrime with cyber skills is a much better approach than fighting ruthless pirates on the open sea. An Israeli startup has developed an algorithm to identify the ships that are likely to be victims of pirates or corrupt crews. Monitoring the GPS of a ship, its intended and actual route and watching it go offline in certain Middle Eastern ports indicates suspicious activity like the transportation of illegal goods, people or weapons.

Being able to see these trends and the attack patterns of pirates helps governments around the world fight piracy and learn more about protecting IT systems of large shipping enterprises. It also brings awareness to the stark truths about cybersecurity. It can happen anywhere and cybercriminals are using it to their advantage even in the most unlikely places.

Identifying and Stopping Pirates in their Tracks

Like with any other form of attack in the cyber realm, these new pirate v2.0 attacks start with reconnaissance, weaponization and exploitation of the shipping companies CMS and databases. All of these are part of the cyber kill chain and the stages which most often leave traces which one could pick up on. Understanding the evolving threat landscape, monitoring your adversaries’ communities and continuously validating your defences is key to dealing with the cyber threat, even when it comes to cyber criminal in the seas.