Written by Geir Inge Jensen, CISO | 01 September 2021
Think before you click!
Every shipping company should drill this mantra into its crews.
90% of all cyberattacks start with email. Are your shore staff and vessel crew aware of what can happen when they take the bait in a phishing email?
You need to train them to be very careful when handling emails and not to let their guard down.
Nonetheless, people will still make mistakes. An unsuspecting crew member could activate malware by clicking on a link in an email or simply by visiting an infected website from a computer or device with outdated software.
Even though awareness and training should be an essential part of your cybersecurity risk management processes, attacks relayed by email are challenging to mitigate without reliable technological solutions in place.
Endpoint security such as firewalls can’t prevent laser-targeted social engineering attacks, as the recent onslaught of Emotet (now shut down) and Trickbot trojan malware demonstrates.
Like most shipping companies, you probably have vessel IoT devices that are sending data back to the system provider via the cloud. This requires an open DNS – which, in turn, paves the way for attackers to bypass your firewall. Our security data shows that Mirai, an IoT botnet, has been very active over the summer, attacking an exploding number of smart devices, even Cisco equipment.
DNS – the Internet's phone book: The Domain Name System (DNS) is the core technology that directs users to different websites and other Internet locations. Simply put, the system turns humanly understandable domain names into internet protocol (IP) addresses understood by machines. For example, when you type in the domain name www.dualog.com, this is converted into (the very difficult to remember) IP address 104.17.119.180, where the computer will fetch the data from. DNS is sometimes called the Internet's phone book because it converts a website's name that people know to a number that the Internet actually uses. As the all-Internet-catalogue (for both good and bad stuff), DNS is easily accessible to users with good intentions – but also to threat actors.
Your onboard computers and mobile devices use recursive DNS as the first step to connect to sites on the Internet. Unfortunately, attacks with the objective of data exfiltration are executed over DNS – namely, command-and-control callbacks.
This is how a C2 attack happens: Malware that has compromised your vessel network communicates back with the infrastructure (a command-and-control server) set up by the attacker, which then takes command of the targeted system onboard. This can be computers used by the captain and/or deck officers, smartphones used by crew members, and even IoT devices connected to the network.
DNS protection identifies where these hacker command centres are staged, and blocks requests over any port or protocol, preventing both infiltration and exfiltration attempts.
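The sketch below illustrates the DNS-layer check described above: each query name is compared, label by label, against a blocklist of known command-and-control domains, and the onboard clients that attempted a callback are listed. It is an added example, not Dualog® Protect's implementation; the blocklist entries, client addresses and log format are constructed for illustration.

```python
from collections import defaultdict

# Constructed blocklist (assumption): a real service draws on threat-intelligence feeds.
BLOCKLIST = {"c2-example.invalid", "botnet-update.example"}

# Constructed resolver log (assumed format): timestamp, client IP, query name, type.
SAMPLE_LOG = """\
2021-09-01T08:00:01Z 10.20.0.15 www.dualog.com. A
2021-09-01T08:00:07Z 10.20.0.31 cdn.C2-Example.invalid. A
2021-09-01T08:01:12Z 10.20.0.44 telemetry.vendor.example. AAAA
2021-09-01T08:02:30Z 10.20.0.31 c2-example.invalid. TXT
2021-09-01T08:03:02Z 10.20.0.52 notc2-example.invalid. A
2021-09-01T08:04:45Z 10.20.0.77 fw.botnet-update.example. A
"""


def normalize(qname):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return qname.strip().rstrip(".").lower()


def is_blocked(qname, blocklist=BLOCKLIST):
    """True if the name or any parent domain is on the blocklist.

    Matching whole labels keeps 'notc2-example.invalid' from matching
    'c2-example.invalid', which a plain substring test would get wrong.
    """
    labels = normalize(qname).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def review_log(log_text, blocklist=BLOCKLIST):
    """Group blocked queries by the client that issued them."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guess at fields
        ts, client, qname, qtype = parts
        if is_blocked(qname, blocklist):
            hits[client].append((ts, normalize(qname), qtype))
    return dict(hits)


if __name__ == "__main__":
    for client, events in review_log(SAMPLE_LOG).items():
        for ts, name, qtype in events:
            print(f"{ts} BLOCK {client} -> {name} ({qtype})")
```

Grouping the hits by client points to the computer, phone or IoT device that needs to be investigated, not just to the domain that was refused.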
Read more: What are command-and-control (C2) callbacks?
DNS is a great place for plugging in a defence layer that protects against threats that traditional security solutions, such as antivirus or firewalls, often miss.
As DNS is the first step in making a connection on the Internet, it makes sense to detect and respond to potential cyberattacks there, before any data is downloaded by deck officers or crew members heedless of the ‘Think before you click’ advice.
Any malicious connection blocked at the DNS level stops there.
Dualog® Protect provides an additional layer of security that is simple to implement and highly effective. By operating at the DNS level – blocking malicious content before it can access the site – the service allows your crews to use the Internet safely.
Equally important, Dualog® Protect provides a detailed dashboard with complete insight into all DNS requests and highlights and alerts for any malicious (or potentially malicious) activity.
Dualog® Protect protects all computers and devices attached to all of your shipboard networks, drastically reducing the risk of malware attacks on any of your vessels.
Read more: Dualog® Protect – easily explained
Dualog® Protect is easy to set up and configure, with four levels of predefined policies to choose from, applied fleetwide or individually per ship or even per network. You can even design company policies only to allow specific services or sites and block others.
And from the moment it’s deployed onboard, the dashboard starts getting populated with live and statistical information.
Geir Inge Jensen is the Chief Information Security Officer at Dualog. Adding over 20 years of experience in network design and cybersecurity, Geir Inge is passionate about developing solutions and services that help shipping companies create a more cyber-resilient environment onboard their vessels. When he is not fighting maritime cybercrime, you can find him in the mountains enjoying the great outdoors with his camera in hand.