The Coast Guard Cyber Command, Maritime Cyber Readiness Branch informs the stakeholders of an increase in fake business websites targeting the Marine Transportation System (MTS), reports Safety4Sea.
Fake websites
As it is informed, many Marine Transportation System partners have discovered well-constructed, fake websites masquerading as their legitimate business websites.
The aim of these sites is to steal information from or install malware on customers’ devices interacting with the sites. Actually, they are not designed to impact the maritime organization directly, but resemble watering-hole style attacks where the intended targets are individuals and entities visiting the site.
The maritime stakeholders, whose websites could be spoofed, should regularly review their online presence and validate their legitimate websites.
For this reason, Maritime stakeholders who discover fraudulent or spoofed websites should immediately notify their customers and stakeholders of the illegitimate pages and report it to their local Coast Guard unit.
Measures to be followed
The stakeholders could also utilize other resources available to combat these malicious actors (e.g. the FBI’s Internet Crime Complaint Center their web browser’s reporting mechanism, their Internet Service Provider, and local law enforcement).
It is important to note that while not all attacks can be prevented, the negative impacts can be mitigated.
In order to avoid falling victim to a spoofed website, the Coast Guard makes the following recommendation to the maritime stakeholders:
- Be wary of untrusted traffic – Treat all traffic transiting your network – especially third-party traffic – as untrusted until it is validated as being legitimate.
- Avoid clicking on links from third parties – Where possible, enter the correct address of the respective website manually in your browser or open it via your bookmarks.
- Utilize a Secure Web Gateway (SWG) – A SWG is a solution that filters unwanted software/malware from user-initiated web/internet traffic and enforces corporate and regulatory policy compliance. SWG’s have many benefits including URL filtering, malicious-code detection and filtering, and application controls for popular web-based applications.
- Keep systems updated – Keep all hardware and software up-to-date with the latest security updates and patches.
- Enable Multi-factor Authentication (MFA) – Enable MFA across all applicable end-points to reduce the impacts of stolen user credentials during a successful attack.
Recently, a new research explored the maritime industry’s relationship with cyber security risks, and makes recommendations to ship owners and operators to improve how those risks are managed within their organizations.
Did you subscribe to our daily Newsletter?
It’s Free! Click here to Subscribe
Source: Safety4Sea
