State-sponsored and organized crime threats to maritime transportationsystems in the context of the attack on Ukraine

• Autorzy: Cichocki R.

Identyfikatory

DOI

10.12716/1001.17.03.24

• Języki publikacji: EN

Abstrakty

EN

Due to its strategic importance and vast impact on the world economy, maritime transport has become a cyber battlefield. Cybersecurity organizations across the world notice and analyze adversaries such as Bear from Russia, Panda from China, Buffalo from Vietnam, Chollima from North Korea (DPRK), and others from Columbia, India, Turkey, and Iran, as well as hacktivist and E-Crime. In 2014 - 2023, Ukraine became the object of massive cyberattacks aimed at its political, social, and economic destabilization. This situation changes the perception of cyberspace and its importance for ensuring the security of the global economy, in particular, the maritime economy. Reports published by the US Coast Guard show that. In this publication, the author reviews the cybersecurity threat landscape targeting the maritime industry and transportation systems and analyzes the technics, tactics, and procedures (TTPs) used by threat actors.

Słowa kluczowe

EN

cyber attack; cyber incidents; maritime cyber resilience; cyber resilience; maritime cyber security; maritime cyber threats; cybersecurity; advanced persistent threat

• Wydawca: Faculty of Navigation, Gdynia Maritime University
• Czasopismo: TransNav : International Journal on Marine Navigation and Safety of Sea Transportation
• Rocznik: 2023
• Tom: Vol. 17 No. 3
• Strony: 717--721
• Opis fizyczny: Bibliogr. 28 rys.

Twórcy

autor

Cichocki R.

• Gdynia Maritime University, Gdynia, Poland

Bibliografia

• [1] ʺCrowdStrike 2023 Global Threat Report | Executive Summary,ʺ crowdstrike.com. https://www.crowdstrike.com/resources/reports/globalthreat‐ report‐executive‐summary‐2023/ (accessed June 14, 2023).
• [2] ʺM‐Trends 2022: Cyber Security Metrics, Insights and Guidance From the Frontlines,ʺ Mandiant.https://www.mandiant.com/resources/blog/m‐trends 2022 (accessed June 14, 2023).
• [3] K. Monica, S. James, and S. Max, ʺThe Cyber Operations during the 2022 Russian invasion of Ukraine: Lessons Learned (so far),ʺ Jul. 2022. [Online]. Available: https://eccri.eu/wpcontent/uploads/2022/07/ECCRI_WorkshopReport_Version‐Online.pdf.
• [4] ʺ2021 Cyber Trends and Insights in the Marine Environment (CTIME) Report,ʺ Aug. 2022. Accessed: June 14, 2023. [Online]. Available:https://safety4sea.com/uscg‐cyber‐trends‐and‐insightsin‐the‐marine‐environment/.
• [5] B. Svilicic, K. Junzo, M. Rooks, and Y. Yano, ʺMaritime Cyber Risk Management: An Experimental Ship Assessment,ʺ J. Navig., vol. 72, pp. 1–13, Feb. 2019, doi: 10.1017/S0373463318001157.
• [6] M. Maynes, ʺOne simple action you can take to prevent 99.9 percent of attacks on your accounts,ʺ Microsoft Security Blog, August 20, 2019. https://www.microsoft.com/enus/security/blog/2019/08/20/one‐simple‐action‐you‐cantake‐to‐prevent‐99‐9‐percent‐of‐account‐attacks/(accessed June 14, 2023).
• [7] D. Freeze, ʺMulti‐Factor Authentication Is (Not) 99Percent Effective,ʺ Cybercrime Magazine, February 23,2023. https://cybersecurityventures.com/multi‐factorauthentication‐is‐not‐99‐percent‐effective/ (accessed June14, 2023).
• [8] ʺHacking Two Factor Authentication: Four Methods for Bypassing 2FA and MFA – The CISO Perspective,ʺJanuary 13, 2022. https://cisoperspective.com/index.php/2022/01/13/hacking‐two‐factor‐authentication‐four‐methods‐forbypassing‐2fa‐and‐mfa/ (accessed June 14, 2023).
• [9] “CVE ‐ CVE‐2021‐32648.” https://cve.mitre.org/cgibin/cvename.cgi?name=CVE‐2021‐32648 (accessed June 14, 2023).
• [10] Editorial, ʺUkraine banking and defense platforms knocked out amid heightened tensions with Russia,ʺNetBlocks, February 15, 2022. https://netblocks.org/reports/ukraine‐banking‐anddefence‐platforms‐knocked‐out‐russia‐conflict‐JBQX7mAo (accessed June 14, 2023).
• [11] https://news.viasat.com/viasat, ʺKA‐SAT Network cyber attack overview,ʺ viasat.com, March 30, 2022. https://news.viasat.com/blog/corporate/ka‐sat‐networkcyber‐ attack‐overview (accessed June 14, 2023).
• [12] ʺ2022 Ukraine cyberattacks,ʺ Wikipedia. May 04, 2023. Accessed: June 14, 2023. [Online]. Available: https://en.wikipedia.org/w/index.php?title=2022_Ukraine_cyberattacks&oldid=1153205698.
• [13] State of the Hack: One Year after the APT1 Report, (February 28, 2014). Accessed: June 14, 2023. [Online Video]. Available:https://www.youtube.com/watch?v=88o‐uifbJSE.
• [14] “Internet Crime Complaint Center(IC3) | Annual Reports.” https://www.ic3.gov/Home/AnnualReports (accessed June 14, 2023).
• [15] Coast Guard Cyber Command, ʺ2022 Cyber Trends and Insights in the Marine Environment (CTIME) Report,ʺ United States Coast Guard, May 2023. [Online]. Available:https://www.uscg.mil/Portals/0/Images/cyber/2022CTIM EReport_Final.pdf?ver=lFYiLZqt4dbVf2RFTgL15g%3d%3d&timestamp=1685643398263.
• [16] A. Ajdin, ʺHapag‐Lloyd flags spear phishing attack,ʺSplash247, March 08, 2022. https://splash247.com/hapaglloyd‐flags‐spear‐phishing‐attack/ (accessed June 15,2023).
• [17] ʺPhishing impersonates shipping giant Maersk to push STRRAT malware,ʺ BleepingComputer. https://www.bleepingcomputer.com/news/security/phishing‐impersonates‐shipping‐giant‐maersk‐to‐pushstrrat‐malware/ (accessed June 15, 2023).