The cybersecurity expert Brian Krebs: The malware has undergone a rebrand. Binary is virtually identical, and employs the same "MZ-as-alternative-entrypoint" trick.
Sea News: Cyber attacks on the maritime industry have increased by 900% over the last three years. The targets are the operational technology (OT) systems, and this year breaches will be more than 500.
Cyber attacks on the maritime industry have increased by 900% over the last three years, Sea News reports. In 2017 there were 50 significant operational technology (OT) systems hacks reported, increasing to 120 in 2018 and more than 310 in 2019. This year is looking like it will end with more than 500 major cyber security breaches, with substantially more going unreported, explained Robert Rizika, Naval Dome’s Head of North American Operations, at the 2020 Port Security Seminar & Expo. Since NotPetya – the cybercrime malware that resulted in a US$300 million loss for Maersk – “attacks are increasing at an alarming rate. In 2018 the first ports were affected, with Barcelona, then San Diego falling under attack. Australian shipbuilder Austal was hit and the attack on COSCO took down half of the shipowner’s US network.”
The cyber attack on Iran’s Shahid Rajee port raised public awareness of the potential wider impact of cybercrime threats on ports around the world
In 2020, “a US-based gas pipeline operator and shipping company MSC have been hit by malware, of which the latter incident shut down the shipowner’s Geneva HQ for five days. A US-based cargo facility’s operating systems were infected with the Ryuk ransomware, and last month the OT systems at Iran’s Shahid Rajee port were hacked, restricting all infrastructure movements, creating a massive backlog,” Rizika added. Reports of this cyber attack have gone some way in raising public awareness of the potential wider impact of cybercrime threats on ports around the world. Intelligence from Iran, along with digital satellite imagery, showed the Iranian port in a state of flux for several days. Dozens of cargo ships and oil tankers were waiting to offload, while long queues of trucks stretching for miles formed at the entrance to the port, according to Naval Dome.
The OT systems are weak, and operators rarely know if an attack has taken place. Moreover, their breaches are not covered by insurance
“The network connecting RTGs, STS cranes, traffic control and vessel berthing systems, cargo handling and safety and security systems, etc., is under threat,” said Rizika. “Unlike the IT infrastructure, there is no ‘dashboard’ for the OT network allowing operators to see the health of all connected systems. Operators rarely know if an attack has taken place, invariably writing up any anomaly as a system error, system failure, or requiring restart. Systems are being attacked but they are not logged as such and, subsequently, the IT network gets infected. What is interesting is that many operators believe they have this protected with traditional cyber security, but the firewalls and software protecting the IT side do not protect individual systems on the OT network. Moreover, OT system hacks are not covered by insurance.”