Rising Maritime Cyber Threats: Phishing, Ransomware, and Evolving Attacks Targeting Ships

According to satellite communications provider Marlink, cyber threats are rapidly evolving, with hackers continually finding new methods to bypass security measures. Marlink operates a cybersecurity center that monitors 1 800 vessels worldwide. In the past six months, it has observed a significant increase in malicious activities compared to the first half of 2023, including 79 major incidents.

Phishing remains the most common threat, exploiting human error to gain login credentials. Hackers are increasingly using “reverse proxy phishing,” a sophisticated technique where a proxy intercepts user login information without their knowledge. Once credentials are obtained, attackers may install malware, create botnets, or establish persistent access to steal data.

In addition to data theft, maritime operators face threats from ransomware groups, which have caused some of the most disruptive attacks in the industry. Nine major ransomware gangs, including BlackCat, PLAY, and Black Basta, have been actively targeting maritime operations, leading to system paralysis, shipment delays, and financial losses.

Marlink advises companies to strengthen their defenses by implementing a robust Security Operations Center (SOC) for proactive monitoring. As hackers continue to adapt, effective measures such as heightened security protocols and better monitoring are essential to safeguard operations.