Senior commander says a merchant vessel was infected with a virus that destroyed its network, reports The Wall Street Journal.
Emotet malware
The cyber attack on a merchant vessel that prompted a U.S. Coast Guard warning this month was due to an infection with the Emotet malware.
This virus has been particularly effective in attacking government and corporate networks.
$1 million to fix?
The Coast Guard revealed more details about the February attack this week at a cyber security conference hosted by Fordham University and the Federal Bureau of Investigation.
The Department of Homeland Security referred to Emotet in a 2018 advisory as “among the most costly and destructive malware affecting state, local, tribal and territorial governments,” costing on average $1 million per attack to fix.
Inferior cyber security practices
The ship may not have been specifically targeted by hackers. Instead, the virus could have been introduced into the ship’s systems due to shoddy cyber security practices.
Coast Guard Capt. Jason Tama, captain of the Port of New York and New Jersey and commander of the Sector New York region, said the agency received a report in late February from a U.S.-flagged ultra-large containership, known as a deep-draft vessel, bound for New York City.
Network totally debilitated
The crew reported that their shipboard network had been “totally debilitated” by malware, Capt. Tama said at the conference. They couldn’t resolve the issue, and neither could the shipping company’s system administrators, working onshore.
“I’m pretty confident there are cyber incidents happening on vessels throughout the world every single day, most of which aren’t reported to any sort of authority,” Capt. Tama said. “So in this case, the fact that it was reported meant we knew it was significant enough that there must have been a big problem aboard that ship.”
Marine alert from Coast guard
The Coast Guard issued a marine alert in early July, describing the incident in broad terms and warning the maritime shipping industry that it should be taking basic precautions against cyber attack.
WSJ Pro Cyber security at the time reported on the incident and the state of cyber security in the maritime industry, which experts characterized as poor.
The Port of New York and New Jersey handles $1 billion to $2 billion in cargo per day, Capt. Tama said. If the ship’s malware spread and shut down the port, it could be economically disastrous. He wanted to act quickly.
Risk-management decision
“I needed to make a risk-management decision on how to deal with the ship. What was the state of the shipboard network? What was the state of the ship’s critical navigation systems, engine control systems, et cetera? We had to make a quick assessment,” he said.
The Coast Guard contacted the FBI and then sent its own team of cyber specialists by boat to board the ship before it docked, to assess the damage.
Once aboard, the team quickly realized that the ship’s systems had fallen victim to a credential-mining virus, which Capt. Tama said was Emotet. The malware had infiltrated the ship’s network due to an almost total lack of cyber security safeguards, he said.
Investigation findings
An investigation by the Coast Guard and the FBI found that
- there was a single login to the ship’s computer shared among all crew,
- that external hard drives and
- memory devices were routinely plugged in without security measures, and
- that there was no antivirus software installed on the ship’s computers.
Sharing of memory sticks
In addition, Capt. Tama said, the vessel had visited ports in Pakistan, India and Oman. In those ports, it had been common practice to share memory sticks containing cargo and route data, human resources information and fuel data, with third-party vendors, and plug them directly into the network.
Industries holy cow moment
Speaking at the same conference, Paul Ferrillo, a partner at law firm Greenberg Traurig LLP, said the publication of the alert was a “holy cow” moment for the industry, on par with the 2012 hack of Target Corp. or the NotPetya attacks in 2017.
The malware infection of the deep-draft vessel, he said, exposed just how much worse the effects could have been.
An environmental disaster?
“What if that’s a really dirty liquefied natural gas tanker loaded to the gills with fuel? That’s a real problem,” Mr. Ferrillo said, highlighting the potential for environmental disasters that could occur in the wake of a damaging cyber attack on a shipping vessel in port.
The ship’s crew and operator cooperated with the Coast Guard and the FBI, Capt. Tama said. July’s alert, he said, was meant to “ring the bell” on the poor state of cyber security in the maritime shipping industry.
“I’ve been on a lot of ships,” Capt. Tama said. “What we found on this ship is not anomalous.”
Did you subscribe to our daily newsletter?
It’s Free! Click here to Subscribe!
Source: The Wall Street Journal