Sponsored By

DNV ransomware attack ‘concerning’: Cyber Threat Analyst

Presuming the DNV ransomware attack was successful, it is only a matter of time before any stolen data appears on marketplaces, according to security experts.

Gary Howard, Middle East correspondent

January 19, 2023

2 Min Read
Red lock on keyboard unsplash
Photo: Unsplash

Servers for DNV’s ShipManager software were targeted in a ransomware attack on January 7, leading to DNV shutting down the servers immediately.

“It’s unclear whether DNV was attacked due to the critical nature of its operations to the global economy or simply because there was an opportunity, but any attack against this type of Operational Technology (OT)-centric organisation is concerning,” said Joshua Cruse, Senior Cyber Threat Analyst at cybersecurity firm Shift5.

“Although this data has not appeared on major marketplaces yet, assuming the attack was successful, it’s only a matter of time.”

Cruse highlighted the forward risks associated with a security breach, especially in an OT environment, and said he will continue to search and monitor the dark web for any mentions of the DNV data..

“Valuable exfiltrated data from a company like DNV likely includes data from onboard operational tech, which could make it quite simple for a bad actor to gain insight into the operational environment and potentially develop a cyber-attack on the operational systems. Given the fact that operational technology has historically relied on security through obscurity, it would be incredibly easy to leverage that information for malicious reasons, potentially bringing fleets to a halt," said Cruse.

Related:70 clients hit by DNV ransomware attack

DNV reiterated that ShipManager software users can still use onboard systems and that the attack does not affect a vessel’s ability to operate.

“There are no indications that any other data or servers by DNV are affected. The server outage does not impact any other DNV services,” added DNV.

Dan Mayer, Threat Researcher at cybersecurity firm Stairwell, said: “Whether it’s attacking an organization like the Port of Lisbon or a software vendor like DNV that supports multiple logistics companies, both cause disruption which is a strong motivator to make ransom payments.

“This is a great example of how impactful data extortion can be. As we have seen in recent years, supply chains are not always resilient and can have global impacts on industry and individuals. The risk of harm is not just from the information locked up, but all of the economic value lost while operations are affected. It continues to show the efficacy of these attacks and how much they put the extorted party under economic pressure to pay.”

DNV said it had reported the attack to the Norwegian Police and advised customers of their responsibilities to report the incident to their local authorities. The Norwegian National Security Authority, the Norwegian Data Protection Authority (DPA) and the German Cyber Security Authority have also been made aware of the attack.

Related:DNV software shut down after cyber attack

In all, the attack has affected 70 customers operating around 1,000 vessels.

About the Author

Gary Howard

Middle East correspondent

Gary Howard is the Middle East Correspondent for Seatrade Maritime News and has written for Seatrade Cruise, Seatrade Maritime Review and was News Editor at Lloyd’s List. Gary’s maritime career started after catching the shipping bug during a research assignment for the offshore industry. Working out of Seatrade's head office in the UK, he also produces and contributes to conference programmes for Seatrade events including CMA Shipping, Seatrade Maritime Logistics Middle East and Marintec. 

Gary’s favourite topics within the maritime industry are decarbonisation and wind-assisted propulsion; he particularly enjoys reporting from industry events.

Conferences & Webinars

Gary Howard regularly moderates at international maritime events. Below you’ll find a list of selected past conferences and webinars.

Get the latest maritime news, analysis and more delivered to your inbox
Join 12,000+ members of the maritime community

You May Also Like