Following on from our high-level investigation of the container shipping industry, we have taken a closer look at the Danish seaports. Once more, our approach has been to conduct external reconnaissance related to two very simple cyber security aspects.
For those unfamiliar with the technicalities of cyber security, there is a very practical comparison. Imagine you are a burglar, and you intend to locate houses for your next break-ins. As a burglar you want to minimize the risk of being caught and maximize the possible pay-off of a break-in. Consequently, you perform some simple reconnaissance prior to your “work”. First, you would walk into the targeted neighborhood to have a look around. You would keep your eye out for houses with signs of open windows facing into gardens out of view where the owners are not home. You would look for overflowing mailboxes indicating the owners are away on vacation. And you would try to actively avoid places with clear signs that alarms are operational and prioritize those without alarms.
Such reconnaissance is not perfect – a seemingly open and deserted house might turn out to have a guard dog or a solid bolted-in safe. But an outward-facing weakness is a sign for the burglar that his chance of success is higher in these places – and consequently these places get targeted more often. The first line of defense for a homeowner is to appear outwardly vigilant – and hence be de-selected to start with.
The same can be done in terms of cyber security, where criminals will also perform reconnaissance to select their targets. The Danish Center for Cyber Security (CfCS), which is part of the Danish Defense Intelligence Service, states explicitly in their threat assessment from October 2020: “Economic motivated criminals hack private companies and public authorities across society, including maritime companies. These criminals pose the greatest cyber threat to the Danish maritime industry.”
We have chosen just two simple reconnaissance aspects for this investigation: Does the port use https for their websites, or only the unsecured http? And do they use DMARC to prevent others from sending emails in their names?
The reconnaissance covers all 45 Danish ports, both publicly and privately operated.
Https versus http
In terms of https versus http, it turns out that 31% of the ports, accounting for 36% of all cargo volume shipped to and from Danish ports, do not consistently use https. The vast majority of ports also do not have interactive functions on their websites, and from that perspective a port might argue that such security is not necessary. However, the problem ranges beyond the website itself – it is an indicator of cyber weakness and will serve to increase the likelihood that a cyber criminal will select the organization as a potentially weak target.
Email security
In terms of email security, we find that only 20% have DMARC protection enabled. 69% do not have any DMARC protection, and the remaining 11% do have DMARC, but configured in such a way that it is ineffective. The companies without effective DMARC protection account for 54% of the total cargo volume to and from Danish ports.
Why this is problematic can be seen from the following statement in CfCS’s threat assessment: “In so-called Business Email Compromise (BEC), scammers typically compromise and monitor the victims’ emails. Criminals also hit the maritime industry with this type of fraud. The threat emanates both from fraudsters targeting companies across society and from groups specializing in targeting the maritime industry.”
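For an organization auditing its own domains, the three DMARC outcomes above (none, present but ineffective, enabled) can be told apart from the TXT records published at `_dmarc.<domain>`. The following is an added example, not code from the original investigation. It assumes that "ineffective" means a `p=none` policy, `pct=0`, or duplicate records (the article does not define it), and the domain names and records are constructed samples.

```python
def parse_dmarc(txt):
    """Parse one TXT string into a tag dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # RFC 7489: a DMARC record must begin with the version tag v=DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def classify_dmarc(txt_records):
    """Return 'missing', 'ineffective' or 'enforced' for the TXT strings at _dmarc.<domain>."""
    records = [r for r in map(parse_dmarc, txt_records) if r is not None]
    if not records:
        return "missing"
    if len(records) > 1:
        return "ineffective"  # RFC 7489: with several records, none is applied
    tags = records[0]
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        return "ineffective"  # p=none only monitors; a missing policy is invalid
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        pct = 100  # an unparsable pct tag is ignored, so the default applies
    # Assumption of this example: a policy applied to 0% of mail is ineffective.
    return "enforced" if pct > 0 else "ineffective"

# Constructed sample data: TXT strings as they would be returned for _dmarc.<domain>.
SAMPLES = {
    "port-a.example": [],
    "port-b.example": ["v=DMARC1; p=none; rua=mailto:dmarc@port-b.example"],
    "port-c.example": ["v=DMARC1; p=quarantine; pct=0"],
    "port-d.example": ["v=DMARC1; p=reject"],
    "port-e.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
}

def audit(samples):
    """Classify every domain in a {domain: [TXT strings]} mapping."""
    return {domain: classify_dmarc(txts) for domain, txts in samples.items()}

if __name__ == "__main__":
    for domain, status in audit(SAMPLES).items():
        print(f"{domain:16} {status}")
```

The records for a real domain can be fetched with any DNS client and passed to `classify_dmarc` as a list of strings.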
In conclusion, an extremely simple reconnaissance exercise can quickly help someone with criminal intent to select and de-select which ports to potentially target, simply based on outwards-facing weaknesses. Just as with the burglar, the first line of defense is to not appear as an attractive target at all, and hence be de-selected for attack. Unfortunately, the majority of Danish ports would remain firmly on the list based on a first reconnaissance.