In 2022 and beyond, you can no longer rely only on basic endpoint security tools, such as firewalls or antivirus software, to protect your ships from increasingly sophisticated cyber threats. You need DNS protection.

As you’re reading this, there’s probably a malicious email on its way to an inbox on one of your vessels. 

Do you have a shipboard protection mechanism installed that blocks threats designed to circumvent firewalls or stand-alone antivirus solutions?

If not, you’re leaving your fleet vulnerable to cyber attacks that get sneakier – and more devastating – by the day.

Advanced phishing attempts – and what stops them

Suppose the captain on one of your ships receives an email from a maritime organisation he has communicated with not too long ago. The subject line includes ‘RE:’ and ‘Invoice #’ – with a valid-looking invoice number and the name of your shipping company.

Unsuspectingly, his mind wandering, the captain clicks the link leading to a compromised site, which automatically initiates download of a zip file containing malicious content. 

Without knowing it, he has just activated a sophisticated malware attack. 

This hypothetical scenario has been the stark reality lately as waves of phishing attacks have hit commercial shipping.

How do you secure your ships against malware with malicious links?

Recipients of this attack would see the sender as someone they have previously worked with, replying to an email chain they might recognise as safe. The result is deceptively real and very hard to identify as malicious.

That is why you need to implement a protection mechanism that operates at the DNS level – blocking malware, trojan and phishing attempts before they can do any harm at all to your onboard systems and networks.

In simple terms, DNS protection means providing an additional layer of protection between a crew member and the Internet, by blacklisting dangerous sites and filtering out unwanted content.

Read more: Why Dualog® Protect operates at the DNS level

As more and more malware uses DNS as its first step to executing an attack, stopping the first step may prevent the rest of the attack from happening entirely.

This is exactly what Dualog® Protect does. 

How Dualog® Protect works

Dualog® Protect has a DNS server installed onboard your ships, which sends all DNS queries to the Dualog Cloud. In the cloud, every DNS request is analysed to validate whether the user is allowed to access that site or not. A query will be blocked if the site is of a malicious nature, like a Command-and-Control, malware, or similar queries.

Sites can also be blocked based on content types. For example, you can decide to block all video streaming sites, social media platforms, or a dozen other categories to fit your company policy. 

All of this configuration is done in the Dualog Portal. In a matter of seconds, you can reconfigure tens or even hundreds of ships to have a new policy in their onboard networks. You also store information on DNS queries, where you can have a full overview of the situation across all your ships, a key requirement towards IMO compliance. 

Here’s a short video that illustrates how Dualog® Protect works:

Summary

Yesterday’s IT protection tools are child’s play for modern-day cybercriminals. With Dualog® Protect in place to provide that crucial extra layer of security fortification to your IT operations, you drastically reduce the risk of malware doing harm to your ships. 

Dualog® Protect operates at the DNS level, stopping most command-and-control (C2) callbacks and data exfiltrations.

Want to learn more about how to improve cyber resilience across your vessels with Dualog® Protect? 

Check out our 15-minute webinar, where we give a brief introduction to Dualog® Protect and how to get started in less than 15 minutes.