New report warns hackers could create another Ever Given incident in the Suez

Date: Thursday, November 3, 2022
Source: Splash 24/7

The Suez Canal is among the most secure waterways in the world, with thousands of soldiers and checkpoints covering the 193 km trade artery. However, despite the military hardware on site, it is the ships transiting the canal that could pose the greatest threat to security.

With GPS spoofing on the rise at multiple locations around the world and cyber attacks proving how easy it is to take control of a ship, a new report on maritime cyber security has suggested the Suez could suffer a repeat of the Ever Given disaster which blocked the canal for six days last year, though this time at the hands of hackers.

Published by Thetius, CyberOwl and HFW, the new report, entitled The Great Disconnect, details many recent cyber incidents, including how the Stena Impero tanker’s GPS was spoofed to force it to cross into Iranian waters unintentionally in 2019, with the ship and its crew then held for months.

The equipment required for basic GPS attacks costs less than $100, the report warned, adding that with the resources of a nation-state, “a sophisticated spoof on an entire region or sea is not just a possibility, it is a reality”.

Taking over a ship’s controls is also remarkably easy, with data from CyberOwl showing 54% of the ships it monitors have between 40 and 180 connected devices onboard. This includes expected devices such as business workstations, PCs, printers, and company phones. Most alarming is that on many vessels monitored by the company, systems that were thought to be isolated, such as cargo computers and engine monitoring systems, were found to be connected in some way to the onboard business IT network.

Over 60% of computers monitored by CyberOwl have various unofficial or crew-installed software, and 30% of computers make frequent use of the local administrator account, giving the user full rights to the machine.

“The grounding of the Ever Given in the Suez Canal was not caused by a cyber attack but it stands as an example of the fallout of such an event,” the report stated, warning: “Should malicious actors need an example of the power and simplicity of putting the rudder in a hacked steering system hardover, they need look no further than the headlines in the news.”

Other key takeaways from the 43-page report include news that in February this year CyberOwl discovered nation-state malware on systems onboard seven separate vessels belonging to a large liner fleet. The malware belonged to the PlugX family, which is designed to provide the attacker remote access to the affected system, followed by full admin control of the machine without permission or authorisation. This includes the ability to manipulate files, execute commands, and spread locally. The particular malware variant was first discovered in 2020 and linked to political espionage on foreign nations.

