- Nigerian criminal gangs and state-backed actors are increasingly targeting the shipping industry with sophisticated cyberattacks, including man-in-the-middle fraud and ransomware.
- The financial impact is escalating, with average attack costs doubling to $550,000 in 2023 and ransom demands averaging $3.2 million.
- Despite IMO’s new cyber security provisions and industry-wide improvements, growing digitalization, GPS spoofing, and satellite connectivity make ships and ports more vulnerable.
Henry Clack, a solicitor at London-based law firm HFW, says Nigerian organized crime groups have been behind several high-value man-in-the-middle frauds in shipping. These involve intercepting emails between companies, stealing sensitive data, and demanding ransoms. HFW notes that costs linked to such incidents doubled between 2022 and 2023, averaging $550,000 per attack. Where ransom payments were unavoidable, the average climbed to $3.2 million.
Shipping as a Prime Cyber Target
According to John Stawpert of the International Chamber of Shipping (ICS), maritime transport is an attractive target since 80% of world trade moves by sea. Attacks can disrupt operations, inflate costs, and strain shipping capacity. The volume of incidents is increasing rapidly — rising from 10 attacks in 2021 to 64 in 2023, according to research from the Netherlands’ NHL Stenden University of Applied Sciences.
Geopolitical Links and State Actors
Many cyber incidents are tied to Russia, China, North Korea, and Iran. Attacks have included attempts to disrupt supply chains for Ukraine and targeting commercial vessels. GPS jamming and spoofing have also emerged as new threats, with incidents such as the MSC Antonia grounding in the Red Sea suspected to be linked to spoofing. Other cases in the Baltic Sea have been blamed on Russia.
Growing Vulnerabilities from Digitalization
The industry’s shift to greater connectivity, including Starlink satellite internet and digital monitoring systems, has created more entry points for hackers. Most cargo ships are over 20 years old, with outdated technology that is costly to upgrade. Emission-monitoring sensors also provide potential vulnerabilities.
IMO Regulations and Industry Response
In 2021, the International Maritime Organization (IMO) mandated cyber risk management measures under its global safety management code. Ships must now adopt stronger security measures, ranging from basic IT hygiene to advanced operational safeguards. Stawpert says industry awareness has significantly improved compared to six years ago, putting shipping in a better position to counter threats.
Negotiating with Criminals
At law firm HFW, communication with hackers — often in ransom negotiations — is deliberately minimal. Clack explains that exchanges usually occur over online messaging platforms, with one or two short messages per day to reduce risk.
Did you subscribe to our daily Newsletter?
It’s Free Click here to Subscribe!
Source: BBC
