EmergencyList of Vessels
Person typing on the keyboard of a laptop

Cyberattacks on the rise – key recommendations

Cybersecurity is vital to the maritime industry, and yet vulnerabilities are increasingly being exploited by criminals. In this article, we share two examples of recent cyberattacks against Gard, as well as our key recommendations to prevent losses.

Written by

Lone Hellevik

Successful cyber-attacks can have serious consequences, such as operational disruptions, data leakage and financial losses. It is therefore important to raise awareness and improve security measures among maritime stakeholders, including crew members, operators, and service providers. With that in mind, we share our experience with two recent cyber-attacks aimed at Gard’s operations.

The most common threats

Ransomware campaigns affecting the maritime sector are a high threat. They are typically carried out using a “trojan horse” disguised as a legitimate file, which the user is tricked into opening.

Phishing by email continues to be the most common means of attack, although phishing via SMS, phone, social media and even Microsoft Teams also occurs.

And whatever the method – they can be profitable: According to the American analysis company Chainalysis, cybercriminals earned more than USD 1 billionlast year through ransomware extortion.

Recent Gard examples

In Gard, like most digital companies, we experience an almost constant inflow of cyberattack attempts, and we have also seen an increase over the past few years. The following gives a summary of one of our most recent examples:

  • False emails: In an existing email thread between Gard and other parties regarding a case, fraudulent email addresses were added to the communication. These addresses were created to look like legitimate addresses that were already in the existing email thread.

  • Real names: Real employee and company names were used in the fraudulent emails, both as senders and added in copy.

  • Changes in payment details. In one of the fraudulent emails, bank account changes were requested. This was a red flag, alerting the employee to dig deeper and the fraud was detected.

Ransomware on Teams

  • In another case, Gard experienced an attempted ransomware attack on Teams (a method which was used also against several other companies last year, according to Cybernews). In brief, this is the method that was used against Gard:

  • Using a well-known person: First, several employees received a Teams chat invitation from what looked like a company manager, but in reality was a cyber attacker.

  • Triggering emotions: The content in the Teams chat was designed to trigger personal concern. The topic was “organizational changes”, and part of the message read: “In an attached file you can see if you keep your job”.

  • Fishing for clicks: By reaching out to many employees at the same time, the attacker increased the possibility for success. One single person opening the file could have been enough to potentially affect all employees. It could have led to malware that encrypted files and spread to other laptops.

Cybersecurity incidents like these show the importance of both awareness and security maturity in the solutions and the incident handling. Unfortunately, parts of the maritime industry have suffered from immature levels of security and lack of user awareness among staff. We have seen several incidents where a high-risk website has been visited, or the business infrastructure has been misused for personal purposes. To avoid costly incidents, our advice is to improve cybersecurity training and awareness with clearer procedures and guidance for online behaviour.

Our recommendations

Below are our cybersecurity recommendations for onboard behaviour:

  • It is safer to visit an official website instead of clicking on a link in emails or scanning QR codes

  • Check links by hovering over the link. You can see the real web address in your browser's bottom left corner. If the address looks suspicious, do not click.

  • Use a passphrase to create strong and unique passwords with upper and lowercase letters, numbers and symbols or spaces

  • Use several authentication factors (like facial, fingerprint or an authenticator app) if possible

  • Separate between business and personal email use

  • Do not connect unauthorized personal equipment to networks on ships or other business locations

In Gard, our staff are trained to be security “STARs” (acronym for Stop, Think, Ask, React):

  • Stop – Resist acting on impulse, especially if something in an email or other channel triggers emotions, is urgent or unusual.

  • Think – Think before clicking or doing anything. Is this a message I expected to receive? Is this a person I know? Take time to reflect if the message makes sense to you or not.

  • Ask – If in doubt, get a second opinion from a colleague, security, or your manager. Sometimes, just sharing your issue can help you think clearer.

  • React – Notify security or your manager if something is suspicious, unusual or if you have been tricked.

Additional resources:

Safer and Cleaner Shipping - IACS

Maritime cyber risk (imo.org)

Electronic glitch can lead to large claims - Gard

Do you know your weakest link - Gard

Related articles

News and Insights

Stay updated

Get updates from Gard in your inbox. Read our latest news and insights.

Sign up

LinkedIn

@gard_insurance

Facebook

WhistleblowingTransparency ActComplaintsCode of ethics and business conductSupplier Code of ConductCommitment to the UN Global CompactModern Slavery Act statementDisclaimerCookies and data protection

Gard is a member of

IGP & I company logoCefor company logoMACN company logo