All hands on deck: Attackers have entered the maritime industry (1/4)

Not known to many is that the maritime industry is a popular target for state-sponsored cyber attackers. Yet, Hunt & Hackett has observed an increasing activity of Advanced Persistent Threat groups (APTs) in the maritime industry. In this series of blogs, the threat posed by APTs to maritime and related industries is analyzed and it is explained what motives lie behind their cyber-attacks. In this first part, the challenges the global maritime industry is facing are being discussed and why these challenges bring along another challenge of cyber-security as well.

The maritime industry is crucial to the global supply chain as well as the success of the ongoing globalization of the world’s economy. A large share of global trade is seaborne. Waterways connect the factories of China with the consumers in the West and vice versa. They enable the trade of oil from the Middle East to refineries all over the world. Without shipping, trade would severely slow down or even come to a halt, impacting consumer prices, the global economy and global wealth immediately. The oceans are of great importance for militaries as well. International waters can’t be claimed as territory and are free for anyone to access by law. For navies, such as the US Navy, the oceans play a vital role in strategically dispersing their military forces around the world in order to maintain their hegemony and surveil adversaries that could cause instability. The oceans also reduce dependencies on military bases of other nations as it enables them to get close to conflict situations on their own terms. Naval ships are equipped with the most advanced weapon-systems and navigation- and spy technologies to be able to operate far from home independently or in cooperation with other ships in a fleet.

Just like any other industry, the maritime industry is facing several challenges in the coming years. The COVID-19 pandemic has caused a small interruption in years of growth for the industry as a whole. The growth in the industry is a result of an increased global demand due to steep population and wealth growth. It is expected that the industry will soon recover fully from the effects of the pandemic and continue the trend of growth. Other, more structural challenges the maritime industry is facing, are industry 4.0, sustainability and resilience (see table 1).


Industry 4.0 Sustainability Resilience
The maritime industry is undergoing a major transformation. The industry is progressively developing and applying technological advancements such as Big Data, Artificial Intelligence and Autonomy Technology. Information Technology (IT) and Operational Technology (OT) systems are increasingly being integrated for efficiency and effectivity purposes. Overall, maritime vessel are becoming more and more interconnected with processes on board and can be monitored and controlled from a distance. The downside is that it significantly increases both the attack surface and impact potential. Currently, the maritime industry is responsible for around 2,5% of global greenhouse gas emissions. This number is expected to increase due to the foreseen growth of the industry. The International Maritime Organization (IMO) is actively promoting sustainability in the industry. An example of this is their goal of reducing CO2 emissions by 40% in 2030 and by 70% in 2050. International regulations to enforce sustainability in the maritime industry have already been implemented and the expectation is that more will follow. These environmental goals will drive a significant innovation push that will increase competition and impact the global competitive landscape. The vulnerability of the global supply chain became exposed to the world when the merchant vessel ‘Ever Given’ got stuck in Suez Canal, blocking one of the most important waterways in the world. The incident, which lasted for only 6 days, costed an estimated amount of almost 10 billion US dollars. The blocking of the Suez Canal is just a stand-alone example, but clearly demonstrates that one local disruption works as a ripple effect and can severely impact the global supply chain. This incident is likely to have caught the attention of threat-actors, such as pirates, terrorist and cyber-ransomware groups on how to disrupt the global supply chain for their illicit actions.

Table 1 – The current great challenges of the maritime industry explained.


Industry 4.0

All three of these challenges for the maritime industry have a link to cyber-security. The first, the transformation to industry 4.0 requires significant number of technological innovations, thus companies are heavily investing in Research & Development projects. However, these projects are time and capital consuming. This means that for countries like China, Russia and Iran, who are investing a lot of their resources in the upscaling of their maritime capabilities, lengthy R&D projects are not preferred. Upcoming economies, such as the BRIC (Brazil, Russia, India & China) countries, often fall behind when it comes to technological advancements. Western nations have been developing know-how and technologies on a top-notch level for decades, while the BRIC countries have only recently reached a competitive level. The catch-up with the West would take these countries many years and a fortune in research expenses. Gaining access to R&D information and technologies through cyber-attacks is cost effective and time efficient, particularly as there are currently limited consequences if one gets caught. Moreover, the nature of industry 4.0 is digitalized and interconnected. This opens a window for cyber-attackers to infiltrate systems and extract data from them, or even take over the control of ships entirely.

Timeline of industries

Figure 1: - The next phase of industralization: industry 4.0


The second challenge the industry is facing, is the quest for sustainability, one of the biggest challenges humanity is currently facing. In order to counter climate change and the global warming, an all-encompassing approach is needed. The global maritime industry can’t stay behind. Following directives and regulations from the IMO, the industry is moving towards lower greenhouse gas emissions, decreasing their negative impact on the environment. In order to achieve the ambitious goals of emission reduction, the maritime industry needs to be innovative. Efficiency needs to be boosted and materials used, need to be durable and sustainable. Adding to that, resources are getting scarcer, and energy needs to be renewable. These are demanding tasks for R&D departments. As stated before, R&D projects are costly and often take years before baring fruit. It will also change the competitive landscape where the new leaders will be the organizations that find the most (cost)effective solutions to reduce emissions. This means that the businesses competing in this space will want to keep a close eye on what the competition is doing. Additionally, when a country swiftly wants to comply with IMO regulations, without investing too much of its resources into sustainability innovations, keeping an eye on the developments in other countries is quite the logical move. However, innovative companies are often not eager to share their hard-won information or technological advantage. To still be able to obtain business secrets, some countries are likely to deploy their cyber-forces: APTs.



The third major challenge the maritime industry is facing, is to uphold and improve the resilience of global trade system. As was quite painfully indicated by the ‘Suez incident’ in spring 2021, one incident along the trade pipeline has the ability to cause havoc worldwide. And yet again, cyberspace plays a vital role here. Ransomware can cripple entire companies, as happened with Maersk, the largest shipping company in the world with a market share of around 17%. One can imagine the impact of suddenly losing a key player in the industry on the global trade system. Regional and international ports have been targets in the past as well. The ports of Barcelona, San Diego, Rotterdam, Jawaharlal Nehru (India) are just a few examples of ports that have been under attack by hackers. These incidents have demonstrated the impact and therefore potential that threat-actors such as pirates, terrorists, cyber-ransomware groups and nation states can establish on the global supply chain through offensive cyber-operations. It has also highlighted how little is needed to cause major disruption in the global supply chain if one can control a ship at the right time and place.


In conclusion

It is clear that the maritime industry is undergoing significant change and is becoming an increasingly attractive target for hackers. This is further illustrated by Israeli cybersecurity firm Naval Dome, who have observed an increase of 900% in cyber-attacks on maritime operational technology (OT) between 2017 and 20201. For all companies active in or related to the maritime industry, this is plenty reason for concern. Hunt & Hackett defends its partners from cyber-threats by investigating who the threats are, why they are targeting this particular industry and how they plan on doing it. This is the reason why Hunt & Hackett tracks hacker-groups, often sponsored, backed or tolerated by nation-states and known as Advanced Persistent Threat groups (APTs) that have shown activity in the maritime- or related industries.

Hunt & Hackett does not just focus on the maritime industry to protect the maritime industry. Threat actors in related industries, such as industrial, manufacturing and technology, pose a long-term risk for the maritime industry, because they often depend on each other and develop innovations together. APTs active in related industries can easily jump over to maritime.

Currently, Hunt & Hackett is aware of 249 APTs active, now or in the past, in the maritime and related industries. In their effort, they have deployed 2.063 Tactics, Techniques and Procedures (TTPs) and 1.901 attacking Tools (see table 2). To describe these TTPs and Tools, how they work and when they are used would result in a book of considerable proportions. However, Hunt & Hackett carefully tracks these attacking methods and finds ways to defend against them, so you and your organization don’t have to.


  APTs TTPs Tools
Maritime, Industrial, Manufacturing and Technology 249 2063 1901
Maritime, Industrial, Manufacturing 116 1489 1399
Maritime Industry 76 1119 1096

Table 2 - The number of APTs, and the TTPs and Tools they used in agricultural and related industries as observed by Hunt & Hackett.


This first post in the Hunt & Hackett series on maritime industries has had the goal of providing the reader with an understanding of the current challenges of the maritime industries worldwide, and why there are cyber-forces being deployed by adversaries in order to tackle these challenges. In the next part, we zoom in on two of the most active nations that are targeting the maritime industry: China and Russia.


2. All data used in tables: Hunt & Hackett Threat Diagnostic Tool.



Keep me informed

Sign up for the newsletter