Marlink reports an increase in maritime cyber threats

Marlink has released the latest global maritime cyber threat report prepared by its Security Operations Center (SOC), showing an increase in common threats in the maritime industry.

The report, based on data collected in the first half of 2024, highlights the changing tactics of cybercriminals who are increasingly attempting to bypass previously effective security controls using new tools.

Marlink’s maritime SOC actively monitored more than 1,800 vessels in the first half of 2024, including all types of cargo ships as well as cruise ships, superyachts and offshore vessels.

The data shows that malicious activity increased significantly in the first six months compared to the previous year. SOC analysts have observed a continued rise in common threats such as command-and-control attacks, as well as the evolution of botnet attacks, which are increasing in complexity and scope.

READ: HPC puts maritime cybersecurity in the spotlight

Phishing remains the most common method for attackers to access corporate networks. The SOC report also noted an increase in malicious blacklisted traffic. This highlights the importance of maintaining up-to-date threat intelligence feeds and applying strict security policies to prevent unauthorized connections to high-risk websites.

The volume of botnet activity increased significantly as new botnets emerged using more advanced techniques, including AI-powered botnets that target IoT devices and have more sophisticated automation capabilities.

The SOC registered 23,400 malware detections and 178 ransomware detections in the first half of 2024. Firewall events, which occur when a process or application attempts to connect in violation of a client’s network security policy, rose to over 50 billion, while security events reached 14.8 billion. The number of alerts rose to 1.4 million and the number of major incidents managed by the SOC reached 79.

READ: NYK Line selects Marlink as smart hybrid network provider

According to Marlink, the sharp increase in malware detection highlights the growing threat landscape, but also demonstrates the effectiveness of endpoint detection and response (EDR) tools in identifying and containing widespread malware.

“During the first half of the year, the threat landscape monitored by SOC in the maritime environment continued to evolve and surprises us compared to what we saw in 2023,” said Nicolas Furgé, President Digital, Marlink.

“Malicious actors are evolving their attack patterns and launching fraudulent campaigns that bypass previously effective security controls such as two-factor authentication, forcing us to respond and increase security levels to ensure operations are protected.”

Last month, the Port of Seattle isolated its critical systems after the port discovered system failures resulting from a cyberattack last month.

Most recently, Hamburg Port Consulting (HPC) hosted its ninth talk show CONNECTING PORTS at the beginning of the month, which focused on the growing vulnerability of port facilities to cyber attacks.

Is safety a priority in your business?

Join the Maritime Safety Series: Port Editiona new virtual event from Port Technology International and ICHCA focused on improving port security through discussion and innovation.