Why hackers are targeting the world's shipping

Emma Woollacott, Technology reporter

Image: An aerial view of a cargo ship at sea, with hundreds of containers visible on its deck (Getty Images)

Lawyer Henry Clack sadly knows a lot about Nigerian criminal gangs.

Mr Clack, a solicitor at London-based commercial law firm HFW, has to deal with them when he is representing global shipping firms that have found themselves victims of cyber attacks.

“Of the cases which HFW have been involved in, the most common counterparties that we’ve encountered are Nigerian organised criminal organisations,” he says.

“They have been responsible for perpetrating several high value ‘man-in-the-middle’ frauds in recent years.”

This type of fraud involves a hacker being able to intercept the communication between two parties, such as emails. The criminal then impersonates both in order to try to steal sensitive information, such as log-in details or financial data, or even to take control of a company’s computer system.

The cyber criminals then demand money to give back what they have stolen, or to give up their command of a firm’s computers.

HFW’s data shows that such hacking is a growing problem for the shipping sector, with attacks on both ships and ports. It says that between 2022 and 2023 the cost of dealing with an attack doubled to an average of $550,000 (£410,000).

Meanwhile, in cases where cyber security experts cannot easily remove the hackers, HFW says the average cost of a ransom payment is now $3.2m.

Image: Lawyer Henry Clack looking very smartly dressed in a suit and tie (Henry Clack)

Around 80% of world trade is carried by sea, and disruption can greatly increase shipping firms’ costs, and leave them short of capacity.

This, says John Stawpert, manager for environment and trade in the marine department of the International Chamber of Shipping (ICS), makes the maritime industry a prime target for cyber attacks, from both criminal gangs and hostile countries.

“Cyber security is a major concern for the shipping industry, given how interconnected the world is. Shipping has been listed as one of the top 10 targets for cyber criminals globally,” he says.

“The impact can be quite significant if cyber criminals manage to disrupt your operations or, for example, carry out a ransomware attack.”

And the rate of attacks is rocketing. A research group at the Netherlands’ NHL Stenden University of Applied Sciences compiled data on shipping cyber attacks over the last few years, and found that the number shot up from just 10 in 2021 to at least 64 last year.

Many incidents, says Jeroen Pijpker of the university’s Maritime IT Security research group, are linked to the governments of four countries – Russia, China, North Korea and Iran.

“What we saw with one example was that equipment was being shipped to Ukraine, and then on a Telegram channel we see people giving information about what kind of targets to attack to get some kind of disruption in the logistical chain [of that delivery].”

Other attacks are purely for financial extortion, be it gangs from Nigeria or elsewhere.

Image: A mock-up of a computer hacker at work (Getty Images)

One reason for the recent rapid rise in cyber attacks is that there are now simply more routes for hackers to use.

Over the last few years, the industry has become more digital, while new communication technologies, Elon Musk’s Starlink satellite service, for example, have meant that ships have become more connected to the outside world. And therefore more hackable.

In one incident last year, a US Navy chief was relieved of her duties after she had installed an unauthorised satellite dish on her combat ship, so that she and other officers could access the internet.

Meanwhile, much of the official digitisation in the maritime industry has happened in a piecemeal way, and involves technology that can go rapidly out of date. The average cargo ship, says Pijpker, is around 22 years old, and shipping companies can’t afford to have them out of the water too often to update.

Digitisation has brought other risks, too, including GPS jamming and “spoofing”.

“GPS spoofing means sending the navigation system a false location, and this means that the ship takes a completely different route – it can even be damaged physically if it gets into shallow waters,” says Ark Diamant of security firm Claroty.

In May it was widely reported that a container ship called MSC Antonia had run aground in the Red Sea after a suspected GPS spoofing attack.

While no suspect was accused in the reporting, Yemen’s Houthi rebels have physically attacked other cargo ships in the area. Other examples of GPS targeting in the Baltic Sea have been blamed on Russia.

Image: Cargo ships being loaded and unloaded at Dapukou Container Terminal in Zhejiang, China (Getty Images)

Defending against GPS jamming and spoofing is difficult and expensive, but “anti-jam” technology is available.

Meanwhile, another weakness for cargo ships is the increased use of sensors to monitor their emissions. These often transmit the data, so offer hackers another possible line of entry and attack.

The good news is that the industry is working to tighten up security. In 2021, the International Maritime Organization (IMO) regulator added new cyber security provisions to its global safety management code for merchant shipping.

“These provisions brought into law more specific cyber risk management requirements to be incorporated into the ship safety management system, to address deliberate cyber-attacks, and to prescribe risk management practices into the operation of compliant merchant ships,” explains Tom Walters, another shipping specialist at HFW.

Ship management systems are now required – rather than simply advised – to include increasingly stringent cyber security measures, ranging from basic security hygiene to more technical operational and IT measures.

“Personally, I think the industry is in a good place to deal with the threat – certainly compared with six or seven years ago,” says Mr Stawpert.

“There’s hugely increased awareness across the industry of cyber attacks and cyber crime, and that will increase over the coming years.”

Back at law firm HFW, how exactly do they communicate with the criminal gangs? Henry Clack says it is via electronic text, and kept as brief as possible.

“When it does happen, it is more often than not in the context of ransomware ransom negotiations. Communication is via online messaging services, maybe one message, no more than a couple of sentences, each day.”