Ransomware hits DNV's ShipManager software.
DNV's fleet management software recovering from ransomware attack.
According to the LoadStar, the ship classification society DNV has disclosed that its ShipManager fleet management software was hit by a ransomware attack on January 7th.
About a thousand vessels managed by DNV's ShipManager have been affected.
DNV says approximately one thousand vessels belonging to seventy of its customers have been affected:
"DNV experts have shut down ShipManager’s IT servers in response to the incident. All users can still use the onboard, offline functionalities of the ShipManager software."
"There are no indications that any other software or data by DNV is affected. The server outage does not impact any other DNV services. DNV experts are working closely with global IT security partners to investigate the incident and to ensure operations are online as soon as possible. DNV is in dialogue with the Norwegian police about the incident. DNV is communicating daily with all 70 affected customers to update them on findings of the ongoing forensic investigations. In total around 1000 vessels are affected.
"We apologize for the disruption and inconvenience this incident may have caused."
TradeWinds reports that as of January 17th, DNV was still working to bring ShipManager back online.
The shipping sector as a target for cyberattack.
Stephan Chenette, Co-Founder and CTO at AttackIQ, notes that the severity of the consequences renders the shipping industry an attractive target for extortion:
"This is the latest in a string of ransomware attacks affecting the shipping industry.
"Major players in the maritime industry are always attractive targets for cybercriminals because of the potentially massive impact it can have on the global supply chain and world economy. In the case of DNV, threat actors were able to shut down the IT servers connected to DNV’s ShipManager software system, which supports the management of vessels and fleets in all technical, operational and compliance aspects.
"To prevent similar attacks, organizations must study the common tactics, techniques, and procedures used by common threat actors, which will help them build more resilient security detection, prevention, and response programs mapped precisely to those known behaviors. Organizations should use automated solutions that safely validate their defensive controls against ransomware campaigns and their techniques to better prepare for the next threat.”
Almog Apirion, CEO and Co-Founder of Cyolo, points out that attacks against maritime GPS systems and port facilities have already become, if not commonplace, increasingly frequent:
"In recent years, maritime threats have become increasingly prominent as new naval systems like GPS, satellite communications and remote monitoring solutions are opening greater vulnerabilities in the organizations’ attack surfaces. Only two weeks ago, the third-largest port in Lisbon was hit by a LockBit ransomware attack. As attacks on the maritime industry become more common, the impact on organizations becomes more palpable. With this recent DNV example, we see a clear impact on product availability. However, the effects go beyond, with consequences in economies and if worse comes to worse, even putting human lives and safety at risk.
"Maritime shipping routes are a critical part of the global supply chain, so any disruption to the safe movement of goods is an economic crisis the world cannot afford right now. In this context, maritime organizations must examine their security posture and their dependency on and access from software suppliers, more so as many devices on maritime vessels share credentials or use default accounts. As shipping vessels become more digital, securing the software companies use becomes paramount. If this third-party reliance is not controlled and secured properly – whether in port or at sea – it can become a catastrophic problem for maritime shipping companies resulting in major safety and business challenges.”