Cyber Security criminals and attacks are becoming more and more aggressive and complex. Our technology and defense systems against cyber-attacks stop many potential attacks, but can never become fullproof. We need to keep cyber security top of mind on a daily basis, as our own individual alertness and actions are the last line of defense.
E-mail is still the primary communication tool used by businesses and individuals, so we can expect e-mail this to be a continued and evolving IT-security threat.
Phishing
Phishing is the most common cyber security threat, and works as an attempt to trick you into giving information. The information in the e-mail tricks you into clicking a link that goes to a fake webpage.
If you are not careful, you will be lured into giving important personal information, or get infected by a virus simply by clicking the link. This can enable the cybercriminal to gain access to your computer, personal details, account or financial information.
The danger with phishing e-mails is that they are often simple e-mails consisting of text and links, so they cannot be blocked by technology.
They are often targeted, with the scammers having knowledge about you and the company you are working for – we have experienced phishing e-mails pretending to come from Odfjell management, and others from banks, vendors, authorities etc.
While the database we are using to store Bow News subscribers' e-mails is secure, it cannot be denied that most of our e-mail addresses have the same structure, i.e., name + last name @gmail/yahoo. It is therefore possible that you, our seafarers, will receive phishing e-mails in your personal inbox.
Ransomware
Like phishing emails, ransomware e-mails can also bypass security checks. Apart from the text, ransomware e-mails merely contain links or attachments pretending to be legitimate documents. These are dangerous, as clicking on a link or downloading the attachment automatically installs the ransomware, encrypting all your files which you can only access after you pay a certain amount.
Voicemail scam
You receive a voicemail that prompts you to call back for information on a prize you won. When you call back, you will be charged exorbitant fees.
Text scam
The scammer sends you a text that looks like it came from a friend or a colleague, inviting you to catch up or give them a call. Once you respond to the text message or call the number, you are charged a high rate for each call, the charges increasing by the second.
Ransomware scam
Your mobile phone suddenly freezes as you surf the web. A rather official-looking message appears on the screen, claiming that your phone is frozen due to violation of laws. In order for you to use your phone again, you are required to pay a “fine” that will need to be deposited into a debit account.
Infected apps
Apps downloaded from websites or installed outside the official Google Play or Apple App Store will often contain infected code, enabling cybercriminals to monitor your activities and gather information, or disable your mobile phone. Never download and install apps outside Play or App Store unless you are certain that the app is legit and safe.
Early this year, it was discovered that there are certain vulnerabilities in modern processors that allow programs to steal data stored in the memory of other running programs. This can include passwords, personal photos, e-mails, instant messages, critical documents and other sensitive information.
Information Security professional Daniel Miessler explains that Meltdown, which affects Intel and Apple processors, takes advantage of a system flaw allowing kernel memory access from user space, meaning any secret a computer is protecting (even in the kernel) is available to any user able to execute code on the system.
Spectre, meanwhile, affects Intel, Apple, ARM, and AMD processors and works by tricking them into executing instructions they should not have been able to, granting access to sensitive information in other applications’ memory space.
Meltdown and Spectre work on personal computers, mobile devices, and even in the cloud.
While Odfjell IT ensures that the computers we use on board and in the offices are protected from these threats, the responsibility of taking care of our personal devices rests upon all of us. It is imperative that we keep the softwares on our computers, laptops, tablets and phones updated.
Unfortunately, cybercrime is here to stay, especially in a major international industry as ours. As we can see in the video below, the people working in the maritime industry are as vulnerable as everyone. And most of the time, cybercrimes succeed not because of system errors but because people do not do the basics.
Let’s all of us try to become “Human Firewalls” when it comes to cyber security, and keep safety as our top guiding principle in the digital world, just as we do in the real world. Be aware: Stop – Think – Act.
