Three spear phishing attempts outlined below indicate a troubling trend toward targeting cargo vessels while underway.
Incident Number 1: On January 26th 2019, a commercial vessel received an email from an individual or entity claiming to represent an official Port State Control body. The email originated from an email address noted as “firstname.lastname@example.org” and was sent directly to the vessel’s Captain requesting sensitive information about the vessel, its crew, and its cargo.
The vessel’s master was rightfully skeptical about the request and immediately activated elements of the vessel security plan related to this type of suspicious cyber incident. The vessel’s Captain reported the incident and forwarded the suspicious email and information to the local USCG Captain of the Port (COTP) for investigation and follow-up.
Incident Number 2: On March 14th, 2019, a different commercial vessel operating in the same area as the previous incident received a SAT-C message by email via the ships Global Marine Distress Satellite System (GMDSS) from an originator claiming to be a U.S. port-specific Port State Control entity. The nature of the inquiry was more direct, requesting information on the nature of the cargo. Specifically, whether the vessel had explosive or radioactive cargo aboard.