In its Global Maritime Cyber Threat Report published earlier this month, Marlink explores cyber threats within the maritime industry, highlighting the increase in sophisticated attack methods such as reverse proxy phishing.
According to Marlink, during the first half of 2024 (H1 2024), a significant portion of the threats neutralized continued to follow the most common attack vector seen since 2022: phishing. However, there has been a notable increase in a more advanced form known as “reverse proxy phishing.”
The evolution of the threat landscape in the first six months of 2024 has continued to surprise. It is clear that even vessel operators who have previously acted against cyber threats must consider this a continuous process.
… said Nicolas Furgé, President Digital, Marlink, in an article published on their website.
Phishing is a classic cyberattack method where attackers impersonate legitimate entities (like banks or service providers) to trick users into providing sensitive information, such as login credentials or financial data. Traditional phishing often relies on fake websites or fraudulent emails to capture user data.
As explained by MJ Casado de Amezua, Threat Intelligence Analyst, Marlink, “reverse proxy phishing,” on the other hand, is a more sophisticated version. Instead of simply creating a fake website, the attacker sets up a “proxy” that sits between the legitimate website and the victim.
This proxy captures the user’s credentials and, in real time, forwards them to the actual site, making the victim feel like everything is normal. The danger of this method lies in its ability to bypass multi-factor authentication (MFA), which is commonly used to protect sensitive systems.
Reverse proxy phishing opens the door to serious cybersecurity threats such as Command and Control (C&C) systems, botnets, and Remote Access Trojans (RATs). Once attackers gain access to a network, they can deploy C&C infrastructure to remotely control compromised systems, potentially creating botnets—large networks of infected devices used for malicious activities like Distributed Denial of Service (DDoS) attacks.
Additionally, attackers may install RATs, granting them full control over the victim’s machine, allowing them to monitor activity, steal more data, or execute commands covertly.
In the maritime sector, these attacks can significantly impact operations, disrupting shipping logistics and manipulating sensitive communication systems. Delays, loss of reputation, and costly recoveries are just a few of the possible outcomes. To combat these threats, it is critical that maritime companies adopt advanced security technologies. Security Operations Centres (SOCs) must enhance their monitoring capabilities with real-time threat detection, AI-driven behavioral analysis, threat intelligence, and stronger MFA solutions.
Focussing on the combination of people, procedures and precautions, these companies can better protect themselves and their stakeholders, ensuring safer and more resilient operations.
… explained Nicolas Furgé.
By doing so, organizations can better protect themselves from this evolving cybersecurity threat, ensuring safer and more resilient operations.
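One monitoring check a SOC could run against this technique, as an added example that is not taken from the Marlink report or this article: because the proxy relays the login, the authenticated session is created from the proxy's address, so a session that shows up shortly afterwards from a different IP and a different user agent deserves review. The log fields, event names and one-hour window are assumptions, and the events are constructed sample data.

```python
from datetime import datetime, timedelta

# Constructed sample events (not real logs), using documentation IP ranges.
# Assumed field layout: time, user, session id, event, source IP, user agent.
SAMPLE_EVENTS = [
    ("2024-05-01T08:00:00", "chief.eng", "s1", "mfa_ok", "198.51.100.7", "Chrome/124 Windows"),
    ("2024-05-01T08:05:00", "chief.eng", "s1", "request", "198.51.100.7", "Chrome/124 Windows"),
    ("2024-05-01T09:00:00", "purser", "s2", "mfa_ok", "203.0.113.20", "Chrome/124 Windows"),
    ("2024-05-01T09:04:00", "purser", "s2", "request", "192.0.2.55", "Firefox/115 Linux"),
    ("2024-05-01T10:00:00", "master", "s3", "mfa_ok", "198.51.100.9", "Safari/17 iOS"),
    ("2024-05-02T10:00:00", "master", "s3", "request", "198.51.100.77", "Safari/17 iOS"),
]

def find_session_reuse(events, window=timedelta(hours=1)):
    """Flag sessions that are used from a new IP *and* a new user agent
    within `window` of the MFA step that created them (one alert per session)."""
    origin = {}  # session id -> (time, ip, user agent) seen at MFA completion
    alerts, flagged = [], set()
    for ts, user, session, kind, ip, ua in sorted(events):
        when = datetime.fromisoformat(ts)
        if kind == "mfa_ok":
            origin[session] = (when, ip, ua)
            continue
        if session not in origin or session in flagged:
            continue
        t0, ip0, ua0 = origin[session]
        # Requiring both changes cuts noise from roaming clients (IP-only change).
        if ip != ip0 and ua != ua0 and when - t0 <= window:
            flagged.add(session)
            alerts.append({
                "user": user, "session": session,
                "mfa_ip": ip0, "reuse_ip": ip,
                "delay_s": int((when - t0).total_seconds()),
            })
    return alerts

if __name__ == "__main__":
    for alert in find_session_reuse(SAMPLE_EVENTS):
        print(alert)
```

This is a heuristic: it produces leads for an analyst to review, and the window and matching rules need tuning against the organisation's own sign-in patterns.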