Digitalization is accelerating across all industry sectors, including the maritime transport sector, where automation and digitalization are implemented by utilizing various Information and Communication Technologies (ICT). However, as maritime transport technology advances, there is a growing concern regarding cyber attacks on ships.

Notably, maritime transport systems are connected through networks like the internet and satellite communication. These systems are vulnerable to cyberattacks from multiple sources, making them a crucial concern in the cybersecurity industry. Ship hacking often targets maritime transport systems with vulnerabilities exposed on the internet rather than direct attacks where attackers attempt to access the ship. In this article, we will investigate the number of maritime transport systems and devices currently connected to the internet and vulnerable to hacking threats.

Statistics for Devices Exposed on the Internet and Vulnerable to Ship Hacking

With the Cyber Threat Intelligence (CTI) Search Engine Criminal IP, you can discover maritime transport systems connected to the internet worldwide.

You can search using the Ships tag with the “tag:filter” in Asset Search. This filter allows you to search for cyber threats associated with a particular field or category. In this case, the Ships tag allows you to find the necessary infrastructure for ship navigation, such as maritime wireless communication devices and information systems. 

The following search results revealed maritime transport related devices exposed to the internet, collected by Criminal IP’s threat intelligence from December 3, 2023, to January 3, 2024. In total, 1,627 maritime transport devices were identified on public IP addresses.

Criminal IP Cyber Threat Intelligence search results for maritime transport related systems and devices exposed to the attack surfaces
Criminal IP Cyber Threat Intelligence search results for maritime transport related systems and devices exposed to the attack surfaces

Not all maritime transport devices connected to the 1,627 IP addresses have serious vulnerabilities. However, the exposure of some maritime transport systems may pose significant security risks.

Here is an example discovered in the search results of Criminal IP using the Ships tag.

The Exposure of VSAT (Very Small Aperture Terminal), a Device Connecting Ships With Communication Satellites

VSAT is a device that connects ships to satellites for communication. Satellite devices openly connected to ships are highly vulnerable to hacking, which can lead to various detrimental consequences. Therefore, it is crucial to be vigilant about their security. Even the slightest exposure of a device connecting ships and satellites could result in a potential attack surface.

This report details the threat posed by an IP address associated with a maritime transport system detected by Criminal IP with the Ships tag.

IP address report for the maritime transport system detected by Criminal IP with the Ships tag
IP address report for the maritime transport system detected by Criminal IP with the Ships tag

The IP address threat score is verified with an inbound score of 99% (Critical) and an outbound score of 60%. Additionally, it has a total of three confirmed severe vulnerabilities.

IP address report for the maritime transport system detected by Criminal IP with the Ships tag
IP address report for the maritime transport system detected by Criminal IP with the Ships tag

A web server named SAILOR 900 VSAT High Power was discovered on ports 80 and 443, with vulnerabilities detected across all ports.
Three vulnerabilities were identified on those ports. They were CVE-2022-22707, CVE-2019-11072, and CVE-2018-19052. The exploit proof of concept (POC) for the CVE-2018-19052 vulnerability is already available on GitHub.

“SAILOR 900 VSAT” is a popular product of COBHAM. This company provides various solutions for marine satellite communications. Connecting to ports 80 and 443 of this IP address allows you to access the actual operating web interface of COBHAM’s SAILOR 900 VSAT, as shown in the image below.
If hackers gain access to this server, manage to find a vulnerability and attempt an exploit using the published proof of concept, it could compromise this system and other systems connected to the ship’s satellite network.

The web interface of the SAILOR 900 VSAT, a marine satellite communication device detected by Criminal IP
The web interface of the SAILOR 900 VSAT, a marine satellite communication device detected by Criminal IP

The web dashboard of the system displays the ship’s location information along with details such as the model name and version of the device in use.
The web dashboard also includes a menu with features like satellite connection settings. This could lead to a severe security incident if a hacker infiltrates and gains administrator privileges. 

Statistics for Countries with Maritime Transport Systems Exposed to Attack Surfaces

In the threat intelligence statistics related to ships detected by Criminal IP, you can view the statistics on countries whose maritime transport systems are exposed to attack surfaces.

The statistics revealed 38 countries with maritime transport systems exposed to threats. All of them are using the Cisco IOS XE Web UI devices. Among them, the United States appeared the most with 367 devices, followed by Norway with 128 devices, and China with 117 devices.  

Statistics of countries with maritime transport related devices exposed to attack surfaces
Statistics of countries with maritime transport related devices exposed to attack surfaces

Protect Against Ship Hacking With Attack Surface Management

In addition to marine satellite systems, several other digital systems and devices can be primary targets for ship hacking. For instance, if a centralized management system monitoring ships and terminals is compromised, it could pose a national threat. Similarly, the situation applies if a maritime transport system affiliated with a military or national agency is compromised. Ship hacking can cause various damages, including information leaks, cyber terrorism, ransomware attacks, and immediate maritime safety accidents. International organizations and companies, particularly the shipbuilding industry, are actively developing regulations and technologies to advance maritime transport cybersecurity. Nevertheless, the proper approach to attack surface management by system operators and security personnel holds greater significance than having an outstanding security system and meticulous regulatory management.

The following checklist outlines preventive measures for safeguarding against cyberattacks. You can refer to this checklist when employing attack surface management through a search engine or a solution platform. These measures are applicable not only to ship hacking but also to all internet-connected devices and applications.

  • Check the devices exposed to a public network and block the exposure
  • Carefully review the permissions and security settings if your system needs to connect to a public network
  • Change the default password for the administrator account on maritime transport devices and systems
  • Keep all your devices and systems up to date with the latest version of security updates

Related to this topic, you can refer to the article on Detecting Web Applications Exposed to the Apache Struts 2 RCE Vulnerability.

This report is based on data from Criminal IP, a Cyber Threat Intelligence search engine. Create a free Criminal IP account today to access the search results cited in the report and search for more extensive threat Intelligence.

Source: Criminal IP (https://www.criminalip.io)

Related Article(s):

Detecting Web Applications Exposed to the Apache Struts 2 RCE Vulnerability