In the February issue of its Phish & Ships newsletter, the Be Cyber Aware at Sea campaign highlighted major developments in the era of cyber and acknowledged the top 6 cyber threats for this year. The newsletter presented research results from the Carbon Black Threat Analysis Unit, revealing that despite the sudden spurt in malware and ransomware attacks worldwide, non-malware attacks were the weapons of choice for cyber criminals in 2017.
Specifically, 52% of all cyber attacks in 2017 were non-malware attacks despite ransomware attacks growing from being a £630 million industry in 2016 to a £3.7 billion one in 2017. The research revealed how ransomware attacks, along with malware and non-malware attacks, have created a ‘vast attack surface’ for hackers who are more creative and persistent than ever before.
What is more, the US Coast Guard Office of Port and Facility Compliance recently announced the release of two new cybersecurity framework profiles for the Offshore Operations and Passenger Vessel industries, providing a pathway for these industries to implement the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
These profiles reflect how organisations align the NIST framework’s cyber security activities, outcomes, and informative references to organisational business requirements, risk tolerances, and resources. They outline a desired minimum state of cybersecurity and cyber risk management, and provide the opportunity to plan for future business decisions.
In addition, the Royal Navy has revamped one of the most famous Second World War propaganda slogans to warn its sailors to be careful what they tweet. It issued an updated version of the 1943 “loose lips sink ships” poster, tweaked to refer to social media instead, and featuring the new HMS Queen Elizabeth aircraft carrier going down in flames. There is real concern that sensitive information could inadvertently be posted in public by somebody on board who did not realise the significance of what they were sharing.
Another key point emphasized was a shipping company's failed attempt to recover $1.8m from its bank after the money was paid fraudulently to an unknown third party. The fraudsters had accessed the client’s email account in an apparent “whaling” scam. This is a type of phishing email scam that targets high-level executives such as CEOs, who have access to valuable information. Four payments totaling $1.84m were made by the bank following the receipt of email instructions, and the shipping company is now appealing the case.
It is alleged that the bank received six outward telegraphic transaction instructions from the owner of the company via email in the form of remittance application forms. The judge dismissed the claim, finding that the bank was not negligent and therefore not liable. The judgment highlights issues with small to medium enterprises (SMEs) in terms of authorisation of payments and the use of webmail accounts.