What cyber threats has Angel been blocking so far? A look at the real-world cases of attempted cyber attacks on vessels

604 368 Navarino

Navarino launched Angel, the first cyber security solution for maritime back in October and since then we have seen a huge amount of interest in our new service. We have been installing Angel on multiple fleets around the world and in this article we are going to look at some of the actual cyber security attacks which Angel has faced, and how it detected and prevented them from causing damage.

Our Solutions Architect, Mr Stratos Margaritis works closely with our Angel team, and he has been involved on the front line of Navarino’s cyber security solution. For this article, we asked him to explain what has been going on behind the scenes with Angel and how its dedicated Security Operations Centre (SOC) have been monitoring Angel vessels at sea.

‘Since we began installing Angel, we have seen several different threat levels levelled against vessels. Angel is designed to detect, recognize and prevent cyber attacks and we are delighted to see how successfully it has been working. There have been an unbelievable number of what I would call low to medium level attacks, as well as several that were classified as critical which could have caused severe downtime on vessel networks. Now, let’s look at a couple of examples.

The first case occurred on the business network of an Angel equipped vessel. One of the business PCs on board was infected by malware and it was contacting command and control servers. This malware was informing the command and control servers that the PC is infected and then the command and control server makes sure it uses that pc to attack other servers. For example it could send emails that would appear to originate from the on-board PC. That PC actually becomes part of a botnet. Angel identified this attack, and because Angel recognised that type of attack, it allowed the traffic to pass but alerted the SOC so that they could identify the attacker. Then, the SOC identified that it was malware on the PC on board, not a human being, carrying out the attack and so the SOC enabled the blocking function of Angel to stop the attack.

Another case was a sequence of attacks towards the Infinity web interface on board. The system realised that someone or something was trying to use sophisticated cracking algorithms to discover administrative passwords of Infinity. Thanks to its Intrusion Detection and Intrusion Prevention systems Angel was able to recognise that it was malware creating these attacks and blocked this attack by disallowing connections between the infected pc and the Infinity onboard.

One more attack that occurred on the crew network was when malicious software was trying to use a ‘backdoor’ version of a popular FTP server. Backdoor versions of applications are those which resemble the original version but which have been hacked to insert malicious code into it. The user thinks he is using the original ’clean’ version of the software but in fact he is using an infected version. In this case, the malicious software was trying to contact the outside world in order to open a door for the hacker to enter the onboard crew network. Again, Angels’ Intruder Detection System identified the backdoor version of the software as a threat and blocked it.’

To learn more about Angel, or to arrange a webex to see it working in action, please contact your Navarino account manager who would be happy to help to arrange one.