Lawyer Henry Clack has grim experience with Nigerian criminal gangs.
Clack, a solicitor at London-based law firm HFW, represents shipping firms hit by cyber attacks. He says Nigerian organised groups are the most common counterparties. They have carried out several high-value “man-in-the-middle” frauds in recent years.
How hackers trick the shipping industry
This fraud allows hackers to intercept communication between two parties. They then impersonate both sides to steal log-in details, financial data, or even control of a company’s system. Criminals later demand payment to release stolen data or to give up control of computers.
HFW data shows hacking in the shipping sector is rising, both against ships and ports. Between 2022 and 2023, the average cost of an attack doubled to $550,000 (£410,000). If experts cannot quickly remove hackers, ransom payments now average $3.2m.
The industry’s global vulnerability
Around 80% of world trade moves by sea. Any disruption raises costs and reduces shipping capacity.
John Stawpert, manager for environment and trade at the International Chamber of Shipping (ICS), warns that the maritime industry is a prime target for cyber criminals and hostile states. “Cyber security is a major concern for shipping, given how interconnected the world is,” he says. “Shipping ranks among the top 10 targets for cyber criminals globally. The impact can be serious if criminals disrupt operations or launch ransomware attacks.”
Attacks are accelerating fast
A research group at the Netherlands’ NHL Stenden University found cyber attacks on shipping jumped from just 10 in 2021 to at least 64 last year.
Jeroen Pijpker from the university’s Maritime IT Security research group links many incidents to Russia, China, North Korea and Iran. He recalls one case where equipment bound for Ukraine became a target. Attackers shared information on Telegram to disrupt the delivery chain.
Other gangs, often from Nigeria or elsewhere, act purely for financial extortion.
Digital growth opens new doors for hackers
The industry’s increasing digitalisation creates more entry points for attackers. Elon Musk’s Starlink satellite service has made ships more connected, and therefore more exposed.
In one case, a US Navy chief lost her post after installing an unauthorised satellite dish on a combat ship so officers could access the internet.
Much of the sector’s official digitisation remains fragmented and outdated. The average cargo ship is 22 years old. Firms cannot afford to dock vessels often for updates.
Digitisation also brings risks such as GPS jamming and spoofing.
“GPS spoofing sends the navigation system a false location,” says Arik Diamant from security firm Claroty. “This can force a ship onto a different course, or even into shallow waters.”
In May, reports said the container ship MSC Antonia ran aground in the Red Sea after suspected GPS spoofing. No suspects were named, but Houthi rebels have attacked ships in the region. GPS interference in the Baltic has been blamed on Russia.
Defensive measures remain costly
Defending against GPS jamming and spoofing is possible but expensive. Anti-jam technology exists, yet not all operators can afford it.
Cargo ships also rely on sensors to track emissions. These devices often transmit data and create further vulnerabilities.
Stricter rules to counter cyber threats
The International Maritime Organization (IMO) introduced new cyber security rules in 2021. These additions strengthened the global safety management code for merchant shipping.
Tom Walters, a shipping specialist at HFW, explains that the rules made cyber risk management mandatory. Ship safety systems must now include specific defences against deliberate cyber attacks.
Measures range from basic IT hygiene to advanced operational safeguards.
“I think the industry is in a good place to face the threat compared with six or seven years ago,” says Stawpert. “Awareness of cyber attacks has grown enormously and will continue to rise.”
Talking to hackers
Back at HFW, Clack explains how communication with gangs takes place. It usually happens during ransomware negotiations. Exchanges are short and through online messaging services. “Often, it’s just one message a day, rarely more than two sentences,” he says.
