On the crow’s nest: observing cyber threats preying on the maritime sector

Friday 4 October 14:00 - 14:30, Red room

Jean-Michel Doan (SEKOIA)

Thanks to increasing signals sent in the past few years alerting to the sensitivity of the commercial maritime industry to cyber risks, and also because of some unfortunate experiences, the maritime industry has begun to develop stronger cybersecurity strategies. There is, however, a lack of intelligence dissemination relative to maritime-dedicated cyber threats as compared to other sectors - a situation which may not help improve security. We've therefore endeavoured to establish a prevalence level for threats that target this sector specifically. To do this, we've queried malware databases for maritime-specific delivery strategies and analysed the resulting data. The results show a drastic 15-fold increase of maritime-specific maliciousness between 2017 and 2018 followed by a plateau. Perhaps unsurprisingly, most of the threats observed represent malware-carrying BEC-style attacks. Does this increase represent a specific focus of BEC crime on the maritime industry or does it follow a general trend in BEC attacks? To answer this question, we intend to further categorize the threats based on malware families and observed TTPs and we will compare the trends in this sector with other sectors impacted by similar threats. 



Jean-Michel Doan

Jean-Michel Doan has been analysing cyber threats for the past ten years for French computer security providers. JM has a Ph.D. in Biology and no 'hard' computer background, so he feels lucky and thankful to have worked alongside great colleagues who have helped him on the technical side. He currently works at SEKOIA.

Back to VB2019 Programme page

Other VB2019 papers

The push for increased surveillance from fiction and its impact on privacy

Miriam Cihodariu (Heimdal Security)
Andrei Bogdan Brad (Code4Romania)

Last-minute paper (TBA)

Speaker TBA (TBA)

Conference closing session

Martijn Grooten (Virus Bulletin)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.