SecurityBrief Asia
Asia's leading source of cybersecurity and cyber-attack news

Did you know your superyacht can be cyber-pirated?

FYI, this story is more than a year old

I was reading an article several weeks ago on attackers being able to hold super yachts – the super-luxurious boats owned by the jet-setting rich and famous – hostage using ransomware, says Jay Kelley, senior product marketing manager at Menlo Security.

A white-hat hacker at a recent super-yacht investor conference (who knew there were even such events?) demonstrated, in less than thirty minutes, how he took control of a super-yacht's satellite communications system, meaning that the cyber-pirates had control over the ship's Wi-Fi, telephone system, and even the navigation system. They could read emails, gather banking information, and even steer the boat totally off-course without the ship's crew being any the wiser.

This attack could be carried out several ways. One way was to hijack the targeted ship's Wi-Fi – which, in most cases, offers an exceedingly strong signal, surpassing the ship's boundaries and enabling an adjacent ship to “war-wagon” the target ship's Wi-Fi and hack it. Another was by a simple drive-by download – where an owner, crewmember, guest, or person on-board the ship, using the on-board Wi-Fi, surfs to a sketchy website and clicks on an even dodgier web link, launching malware or a phony pop-up window stating that a new media player or update is required.

And, with that, malware is downloaded to the user's device that hijacks the ship's Wi-Fi and spawns attacks, even ransomware, throughout the ship's networks. This got me thinking: What is the difference between an attack like this on the high seas versus a similar attack on land?

Aside from being stranded and steering off-course for miles, or dead in the water with your navigation and communication systems being held for a king's ransom, not really that much. The same sort of attack, leveraging a drive-by download, watering hole attack, or even a phishing email, could strike your home, even your business. Let's look at a similar attack on your home. You surf to a webpage that has been hijacked and is infected with malware, or you receive an email from an old friend that you haven't heard from in ages asking you to click on a link to see a reunion picture or open a video.

Once you click on that dubious link, your home systems begin to act wonky. Your IP address on your Wi-Fi changes automatically. Your connected thermostat suddenly stops working. Your connected refrigerator tells you that you need to buy 3,000 gallons of ice cream. Your connected sound system suddenly, out of the clear blue, starts blaring thrash metal music – and you're a classical fan. Your home has been hacked.

And, the ransom note that has popped up on your computer says that unless you pay one bitcoin – which is now worth $2,500 USD – by the deadline, not only will all the data on your computer be and remain encrypted, then even deleted, but each of your home systems will fail, one by one, until you pay up. And, even if you do pay the ransom, there is no guarantee that you will ever get your data or even control of your home back.

Now, you're a business owner. You have a medium-sized business, a small and overworked IT team, and a limited security budget. You have deployed anti-virus and anti-malware software on your users' devices. You have email security, protecting against unknown user emails. You've also deployed firewalls and other perimeter defenses. You've even deployed a secure web gateway or similar functionality in a next-generation firewall, to ensure your users – employees, contractors, guests, etc. – can only access appropriate websites during certain times of the day.

You even have electronic doors with keycards to track your users' access. And, you have security cameras throughout your company, inside and out. You feel that you're as secure as you can afford to be. You have “good enough” digital and physical security. Then, one day, a person on your team receives an email from an old friend, asking them to click on a web link for a great video. Or, they receive an email from one of your suppliers, asking them to click a link to re-enter your company's user name and password.

Or, one of your users navigates to a website that they've used every day to do their job, to gather research or whatever the reason, to be productive. Once that user clicks on a link, your network, your data, your business, even your office and all the connected devices in it, could be at risk. Think this can't happen to you or your company? Think again. In January 2017, a boutique resort hotel in the Austrian Alps was attacked by ransomware initiated by a phishing email.

Their electronic door locking, reservation, and cash systems were held ransom. While guests were not locked in or out of their rooms – as electronic door locks need to work even if there is a power outage, so there is always an override – new electronic key cards could not be issued to guests checking in. Also, reservations could not be confirmed or canceled because the reservation system was also held hostage.

The hotel paid the ransom to regain control of their systems. While this attack happened to a hotel, think about if this happened to your business. How difficult would it be for your users if their electronic keycards or badges were to not operate automatic doors? How would you be able to know who is accessing what, where and when? Or, if your Wi-Fi and even connected network were taken offline? How productive could your users be?

Or, if all your fire alarms and other alerts were blaring all day, with no means to turn them off? Or, if your HVAC was inoperable in the summer or in the dead of winter? What if your security cameras were turned off – and turned into botnet zombies? And, on top of all this, your data is being held for ransom.

Could you and your company cope? Consider that, in 2017, Gartner anticipates there to be over 8 billion connected “things” – the Internet of Things (IoT) – and over 20 billion by 2020; that's in just three years. Then consider that security for the IoT in your home, business, even super-yacht, is seriously lacking.

Developers of connected devices for home, auto, and business have not been as security-conscious as they could be. This is one of the reasons why tens of thousands of CCTV cameras have been hijacked to become integral components of the infamous Mirai botnet. Additionally, users have been notoriously lax in taking security seriously, leaving no password or 3 default passwords as the gateway to their connected home, even business IoT devices.

Plus, even if a security opening is discovered with an IoT device, in most cases, there is no way to patch the device. Most IoT devices use an embedded operating system, many of which are dated and unable to be upgraded. Take all these factors into consideration, and you have a huge issue for consumers and businesses, and an incredible opportunity for hackers to exploit connected homes, businesses, autos – and, yes, super-yachts.

Now, stir into this stew of insecurity the fact that attackers are becoming much more sophisticated with their phishing email techniques, doing their pre-texting homework on targeted users, crafting phishing emails and email addresses almost indistinguishable from legitimate emails (artisanal phishing?), and specifically targeting the weakest link in the home or corporate email chain. Attackers are also developing and launching even more devious, better camouflaged web malware minefields and better targeted watering hole attacks. This is fast becoming a disaster just waiting to happen.

The only way to ensure that you, your home, your business, or even your super-yacht is not susceptible to attack is to stop users from accessing email, surfing the web, or clicking on links. But, none of that is possible: Everyone needs email to be productive today. The web is a necessary work tool.

And, trying to ensure that users don't click on any links they receive or on any website they surf to is impossible – it's almost human nature to want to click, especially if it's about the Kardashians, am I right? So, what can you do? You can install what amounts to bulletproof glass between you and your users, and the Internet.

That bulletproof glass is called web isolation. While the word “isolation” sounds scary and lonely, consider that one of the definitions of “isolate” is to “identify (something) and examine or deal with it separately”. That's what web isolation does: It identifies web access – regardless of whether it's via a user surfing to a website and clicking on an ad or link on that website, or opening an email and clicking on a web link or a link to a web document (Word, Excel, PowerPoint, etc.) – and isolates the web session.

It launches the web page or web document in isolation, dealing with it separately. It sequesters any malware in a virtual, disposable container, and returns a clean, rendered webpage to the user's endpoint device. There is no sandboxing – which, by the way, many of the latest ransomware infections look for and if one is found, the malware does not start.

There is no “good vs. bad” assessment, which can lead to false positives – or worse, false negatives. There is just no more malware, no more phishing, no more ransomware. It's one-hundred percent safety via isolation, making it safe to click. Now, that's security.
