GTMaritime: Online scammers trying to exploit coronavirus

The following is text of a news release from GTMaritime:

(LONDON) — Maritime cybersecurity faces a new and highly unpredictable threat as scammers line up to exploit fears surrounding the coronavirus at the same time as the industry moves to encourages remote working to minimize the spread of the pathogen.

“Shipping companies are looking into reconfiguring their shore-based operations in response to the spread of coronavirus, but employees can expect to receive unsolicited messages geared to exploit their personal anxieties about the epidemic,” said GTMaritime’s Jamie Jones, operations director. “As organizations ramp up physical hygiene, it is important they don’t take their eye off cyberhygiene.”  

Researchers at Sophos recently identified a trojan campaign specifically targeting Italian email addresses attempting to play on worries about the virus. The phishing email comes with an attached Word document that claims to contain advice on how to prevent infection – but is in fact a Visual Basic for Applications (VBA) script that drops a payload to steal confidential information.

More generally, scammers are setting up websites to sell bogus products, and using fake emails, texts and social media posts to seek out personal information or financial reward. Under cover of promoting awareness, offering prevention tips or providing fake information about cases local to the recipient, fraudsters can request donations for ‘victims’ or deliver malicious email attachments to spread malware or steal log-in credentials.

“On the one hand, IT professionals working at shipping companies are at an advantage as they are already familiar with the challenges of remote working – as nothing can be more remote than a ship in the middle of the ocean,” says Jones. “On the other, they must monitor and contend with emerging risks across multiple territories rather than managing a response within a single country.”

GTMaritime recommends that shipping companies review their cyber-response plans to ensure they can withstand the fresh threats emerging due to coronavirus.

In anticipation of a broader spread of COVID-19, the United States’ Cybersecurity and Infrastructure Security Agency (CISA) has issued high-level guidance to help organizations plan for potential impacts – physical and virtual – to their workforce and operations. As well as reviewing business continuity plans for infrastructure, supply-chain and workforce impacts, CISA said all organizations should conduct recurrent assessments of preparedness. Above all, its advice envisages all machines having properly configured firewalls plus anti-malware and intrusion prevention software installed.

 Advice for maritime IT professionals:

Ensure VPNs and other remote access systems are fully patched
Stress-test remote access solutions’ ability to cope with increased usage
Ensure laptops issued to employees have firewalls, anti-malware and intrusion prevention software installed
Switch on enhanced system monitoring to receive early detection and alerts on abnormal activity
Ensure business continuity plans are up-to-date
Update incident response plans to consider workforce changes in a distributed environment.

 Advice for crew and shore-based employees:

Don’t click on links from sources you don’t know and be extremely wary of attachments
Disregard unsolicited emails claiming to be from official health agencies with new information about the virus
Do not reveal personal or sensitive operational details in emails
Ignore online offers for vaccinations, treatments or cures

By Professional Mariner Staff