
A ransomware attack claimed by the Anubis group against Croatia’s Adriatic Port of Ploče and newly disclosed findings from U.S.-seized “dark fleet” tankers are drawing attention to the growing cyber risks facing global maritime operations. Anubis, a rising ransomware-as-a-service (RaaS) group, demanded $10M in Bitcoin and threatened to release the stolen data on the dark web if it was not paid.
Meanwhile, the Coast Guard exclusively shared with the Wall Street Journal a report on sanctioned oil tankers that uncovered sophisticated communications, networking, and tracking technologies designed to support covert maritime operations and evade monitoring.
According to the Coast Guard’s discoveries, the technology found aboard the tankers enabled vessels to maintain communications, coordinate activities, and obscure operational visibility while avoiding sanctions enforcement. Experts with Finite State and Black Hills Information Security offer perspectives on the matter.
Josh Marpet, Senior Product Security Consultant, Finite State
“Drug cartels have, for years, been using private cell phone networks, radar, and LiDAR in order to evade wiretaps, bypass communication blackouts, and effectively create one of the most important things in warfare: effective communications.
“If we’re seeing the same behavior come out of unsanctioned oil operations, then we’re talking about systems that have risen out of long-term nation state-level attempts to bypass other nation states' blockades and sanctions. It’s not simple to set up a private cell network across miles of water. It’s not simple, cheap or easy to set up private Internet across large expanses of land and sea.
“And to set up a reconnaissance/scouting system so that you can warn tankers and vector them around the searching vessels, that’s incredible amounts of money, effort, and time, which means a couple of things.
“One. There’s a lot of money in this. It’s worth it to do it from a financial standpoint. Two. They’ve got a cyber security group or a military cyber warfare group doing it for them. And the fact that they have built this capability is impressive and scary. This implies that they have a SigInt (signals intelligence) capability sufficient to evade at least some military groups.”
John Strand, Owner, Black Hills Information Security, Inc.
“Attacks like this continue to demonstrate that threat actors are increasingly strategic in how they target systems. They are focusing on points of entry that allow them to maximize impact across multiple industries. By doing so, they significantly increase both the likelihood of receiving payment and the overall size of the payout.”




















