Hackers could create another incident in Suez

The Suez Canal is one of the safest waterways in the world, with checkpoints covering the 193 km commercial artery. However, despite the military hardware in place, it is the ships transiting the canal that could pose the greatest security threat.

With GPS spoofing on the rise in multiple locations around the world and cyber attacks demonstrating how easy it is to take control of a ship, a new report on maritime cybersecurity has suggested that Suez could suffer a repeat of the Ever Given disaster that blocked the canal for six days last year, albeit this time at the hands of hackers.

Published by Thetius, CyberOwl and HFW, the new report, titled The Great Disconnect, details many cyber incidents, including how the tanker Stena Impero’s GPS was falsified to force it to cross into Iranian waters involuntarily in 2019, with the ship and its crew held for months.

For its part, Splash recalls that the equipment required for basic GPS attacks costs less than $100, as the report warned, adding that with the resources of a nation-state, “a sophisticated parody across an entire region or sea is not just a possibility, it is a reality”.

Taking over the controls of a ship is also remarkably easy, as CyberOwl data shows that 54% of the ships it monitors have between 40 and 180 connected devices on board. This includes expected devices such as business workstations, PCs, printers, and business phones.

Most alarmingly, on many ships monitored by the company, it was found that systems that were thought to be isolated, such as load computers and engine monitoring systems, were in some way connected to the commercial IT network on board.

More than 60% of the computers monitored by CyberOwl have various unofficial or crew-installed programs, and 30% of computers make frequent use of the local administrator account that gives the user all rights to the machine.

“The grounding of the Ever Given in the Suez Canal was not caused by a cyber attack, but it is an example of the consequences of such an event,” the report stated, warning: “If malicious actors need an example of the power and simplicity of putting the helm in a hacked steering system, they don’t need to look beyond the headlines in the news.”

Other key takeaways from the 43-page report include news that in February of this year CyberOwl discovered nation-state malware on systems aboard seven separate vessels belonging to a large liner fleet. The malware belonged to the PlugX family, which is designed to provide the attacker with remote access to the affected system, followed by full administrative control of the machine without permission or authorization.

This includes the ability to manipulate files, run commands, and broadcast locally. The particular malware variant was first discovered in 2020 and linked to political espionage in foreign nations.
