Hackers are increasing their use of AI

In a recent maritime cyber threat report, Norway-based SatComm specialist Marlink highlighted the changing tactics of cyber criminals, who are increasingly attempting to bypass previously effective security controls using new tools.

Analysts observed a continued rise in common threats using Command and Control (C&C) infrastructure to create botnet threats, which are growing in number and complexity. Phishing continues to be the leading tactic used by attackers to gain access to corporate networks, though the Security Operations Centre (SOC) also detected an increase in blacklisted malicious traffic.

According to the report, malicious actors are evolving their attack patterns and launching fraudulent campaigns that bypass previously effective security controls, such as two-factor authentication, forcing defenders to react and raise the security level to ensure operations are safeguarded. During 2024, a significant portion of the threats neutralised by the SOC have continued to follow the most common attack vector seen since 2022: phishing. However, in this period, there has been a notable increase in a more advanced form known as »reverse proxy phishing«.

Phishing is a classic method where attackers impersonate legitimate entities (like banks or service providers) to trick users into providing sensitive information, such as login credentials or financial data. Traditional phishing often relies on fake websites or fraudulent e-mails to capture user data. »Reverse proxy phishing«, on the other hand, is a more sophisticated version. Instead of simply creating a fake website, the attacker sets up a »proxy« that sits between the legitimate website and the victim. This proxy captures the user’s credentials and, in real time, forwards them to the actual site, so that everything appears normal to the victim. The danger of this method lies in the fact that it can steal credentials and bypass multi-factor authentication (MFA), which is commonly used to protect sensitive systems. Once attackers gain access to a network, they can deploy C&C infrastructure to remotely control compromised systems. This could enable the creation of botnets, large networks of infected devices used for malicious activities like Distributed Denial of Service (DDoS) attacks.
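Why a one-time code passed on by an intermediary still validates at the real site, shown as an added example that is not from the Marlink report or this article. It goes one step beyond the text by contrasting the code with a response bound to the origin the browser is on; the origins, the secret and the HMAC stand-in for a WebAuthn-style signature are assumptions.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-shared-secret"                     # constructed sample value
REAL_ORIGIN = "https://portal.example"                    # hypothetical legitimate site
PROXY_ORIGIN = "https://portal.example.login-check.test"  # hypothetical look-alike


def totp(secret: bytes, counter: int, digits: int = 6) -> str:
    """One-time code for a time-step counter (HOTP truncation, RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def site_accepts_code(code: str, counter: int) -> bool:
    # The real site checks only the digits; nothing in them says where they were typed.
    return hmac.compare_digest(code, totp(SECRET, counter))


def origin_bound_response(challenge: bytes, origin_in_browser: str) -> bytes:
    # Stand-in for a WebAuthn-style assertion: the browser mixes in the origin
    # it is really on. HMAC replaces the public-key signature (assumption).
    return hmac.new(SECRET, challenge + origin_in_browser.encode(), hashlib.sha256).digest()


def site_accepts_response(challenge: bytes, response: bytes) -> bool:
    expected = hmac.new(SECRET, challenge + REAL_ORIGIN.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(response, expected)


def login_via(origin_in_browser: str, counter: int = 58_000_000,
              challenge: bytes = b"constructed-nonce") -> tuple[bool, bool]:
    """Return (code_accepted, origin_bound_accepted) as judged by the real site.

    An intermediary between user and site passes both values on unchanged.
    """
    code = totp(SECRET, counter)
    response = origin_bound_response(challenge, origin_in_browser)
    return site_accepts_code(code, counter), site_accepts_response(challenge, response)


if __name__ == "__main__":
    print("direct  :", login_via(REAL_ORIGIN))
    print("relayed :", login_via(PROXY_ORIGIN))
```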

In 2024 Marlink took over Diverto & Port IT for the growing business field of cyber security. What synergies do you expect?

Nicolas Furgé: Marlink has brought together the resources of Diverto and Port-IT with Marlink’s cyber solutions to address the growth of cyber threats and the increasing need for compliance. This structure combines existing expertise within Marlink with the skills, resources and geographic presence from the acquisition of Diverto and Port-IT. Some 150 cyber experts will focus on developing and delivering the solutions customers need to address emerging cyber challenges.

How do you arm yourself and your systems against cyber attacks? 

Furgé: Ideally owners and operators need to start with a blank sheet of paper. Even if you have deployed multiple protection layers (e.g. anti-virus, endpoint or network security software) you need to understand your broader security posture, where the risks exist and what threats look like. That can mean performing vulnerability assessments and penetration testing to understand where your security is and where it needs to get to. We operate a portfolio of Security Operations Centres including one dedicated to maritime, which will support proactive threat detection as well as defensive solutions for networks, protecting assets down to the level of individual users.

In your opinion, does the cyber risk increase with new ships as more digital technology can be installed, or does it decrease because these new ships and their technologies themselves are better protected against cyber attacks?

Furgé: Arguably the increase in use of digital technology onboard does increase the cyber risk. The increased volume of bandwidth available to users and therefore increased volumes of traffic makes the industry more exposed. This is particularly true in the case of LEO internet because the greater use by crew inherently increases the risks for phishing and social engineering attacks. Cyber security for LEO internet is applied as part of the typical hybrid network configuration we deploy for owners and operators. The Maritime SOC report published last year by Marlink also noted that hackers are increasing their use of AI to attack targets and overcome two-factor authentication, so owners need to position themselves for increased risks in future.

What homework do shipowners have? 

Furgé: As well as the assessment of risk and specific threats they face, shipowners need to remember that most cyber incidents have their roots in human behaviour. The best designed systems will support users to act safely and consistently, but in all cases, owners need to ensure that crew are trained to be aware of threats and have an understanding of what they need to do to protect themselves, their colleagues and their employer from cyber threats. Shipowners also need to understand how they are affected by regulation, which is growing tighter as cyber risk increases. The most recent, IACS URE26, aims to provide a minimum set of requirements for cyber resilience of ships. Intended for the design, construction, commissioning and operational life of the newbuildings, it is likely that equivalent requirements will be extended to existing vessels in future. Its related requirement, URE27, aims to provide the minimum security capabilities for systems and equipment to be considered cyber resilient and is intended for third party equipment suppliers. Other regional regimes, some specific to the industry and others more general in nature, have the potential to levy severe financial penalties for non-compliance.

Questions: Michael Meyer

Nicolas Furgé 

President Marlink Cyber

This article was published on 24.04.2025 by HANSA – International Maritime Journal
