A new Marine Safety Information Bulletin from the U.S. Coast Guard demonstrates that cybercriminals aren’t just after land-based businesses.
Businesses owning commercial vessels were warned in a recent U.S. Coast Guard bulletin of phishing emails using brand deception in an attempt to obtain sensitive information. Leveraging domains that appear to be port authorities and content looking similar to an official Notice of Arrival, scammers are attempting to trick recipients into clicking on potentially malicious attachments.
According to the update, the Coast Guard has even received reports of malicious software designed to disrupt shipboard computer systems.
Whether sabotage, data exfiltration, or espionage is the intended result, these cybercriminals are using the #1 proven tactic to gain control over credentials, endpoint, and – in this case – ship systems.
Maritime-focused businesses should be aware of such attacks, and look to educate employees. It’s important to consider that teaching users about this one tactic won’t protect your business, as tactics change daily.
Teaching them to be vigilant in looking for suspicious communications, web offers, text messages, and even phone calls, is necessary to ensure the security of your organization. Frequent Security Awareness Training is the only means to ensure that users are continually security-minded, enhancing the security stance of the organization daily.