Attacks on naval companies have been accentuated, ushering in a new meaning for the term ‘virtual pirates’.
‘Pirate’ is a term that has long applied to criminals or people acting on the margins of the law, especially those who live in the sea of cargo theft. Hence the name ‘Virtual Pirates’ – a name commonly used to designate Blackhat Hackers, people with excellent skills in the area of systems security, but who use this knowledge for illegal activities.
If the word pirate refers to criminals acting on the high seas, it can no longer be said that virtual pirates are just criminals in the network. There are already cases of real pirate groups that also use the nets to attack ships.
When CyberKeel, a cyber-security firm specialising in shipping, controlled one of the medium-sized shipping firm’s emails, they made a shocking discovery, the BBC said.
“Someone had hacked into the systems of the company and planted a small virus,” explains co-founder Lars Jensen. “They would then monitor all emails to and from people in the finance department.”
As Jensen soon discovered, e-mail reading was by no means the only thing the virus did. Every time a fuel supplier sends an invoice to the company, the virus changed the bank account number listed on the invoice. “The client pitched millions of hacker bank accounts before we discovered it,” added Jensen.
Breaking into a shipping firm’s computer systems could allow attackers to access all kinds of sensitive information.
This is just one example of what CyberKeel has to deal with. In June, Maersk, one of the world’s largest shipping hotspots (and many others) were hit by the notorious NotPetya ransomware, which cost the company some $ 300 million unprofitable revenues.
Jensen founded her company a little more than three years ago and, according to her, nobody really wanted to take them seriously. “Do not waste time, shipping is pretty safe, they told me at the beginning,” said Jensen. Now the mentality has changed, the times have changed.
There have been cases of criminals who have identified the route and location of specific products of their interest, invaded the ship and took only the targeted product. One such case was investigated by Verizon and occurred in 2016. This is yet another sign of the spread of security issues for various areas hitherto considered free from virtual attacks.