The US-based broadband and telecommunications company’s RISK Team cybersecurity unit noted that a global shipping conglomerate had seen its vessels attacked by pirates over the past few months who seemed to know which containers held high-value data-x-items inside.
Instead of detaining crewmembers on the ships for a number of days while searching for valuable cargo, the perpetrators would board a vessel, hold the crew in an area and empty the contents of specific containers before quickly exiting the ship.
When investigated by crewmembers, it appeared that the perpetrators had detailed knowledge of the contents of those cargo containers or crates locating them via their individual barcodes and then stealing their valuable contents before making a swift getaway.
Verizon’s cybersecurity experts discovered that the shipping company used a homegrown content management system to handle shipping inventories particularly that for the bills of lading associated to each cargo vessel.
Perpetrators had uploaded a malicious web shell to compromise the shipping company’s server and CMS allowing them to access passwords to download bills of lading for shipments ahead and target crates which had high-value content inside as well as identify the ships scheduled to transport these cargoes.
Verizon’s cybersecurity experts subsequently provided the shipping company with the necessary information to shut down the hacked servers, block the IP address used by the perpetrators, reset all the compromised passwords and reconstruct the affected servers with the latest versions of its CMS.
A report released by KPMG in 2014 had warned that cybersecurity on board merchant vessels and at major ports was 10 to 20 years behind the curve compared with office-based computer systems, leaving them wide open to an ever-increasing range of threats, while a paper issued by Lloyd’s Joint Hull Committee in conjunction with law firm Stephenson Harwood in February 2016 noted that the loss of a ship as a result of a cybersecurity breach was foreseeable.