New cyber threats have emerged to target vessels and their operators on a global scale since 2021. An important example happened when 1000 shipping vessels were affected after a cyberattack against DNV’s ShipManager software system. This attack was a wake up call to the maritime industry to take proactive measures to mitigate cyberattacks, as well as demonstrate the wide-reaching effects of such attacks. With the disruption of global trade following the Suez Canal blockage, criminals discovered they could profit from the financial consequences of an attack on a vessel. As such, phishing emails are often used to compromise a vessel. This form of social engineering persuades crewmembers to click on malicious links which can result in the installation of ransomware or other malicious software on their computers.
Recently, the AI-powered chatbot ChatGPT has emerged, making it easier than ever for attackers to efficiently generate persuasive phishing emails. ChatGPT is capable of writing convincing emails that use American English, making it more difficult to distinguish between legitimate and illegitimate emails. Furthermore, it produces individual, authentic-looking emails, which help prevent immediate detection. Along with the ease of generating emails, ChatGPT can also generate malicious links and attachments to ensure the completeness of an attack.
This tool has raised legitimate concern among decision makers, security professionals, and the public. Research shows that the click rate of emails sent by ChatGPT is much higher than the professional red teamers’ click rate. Additionally, surveys have highlighted the growing level of concern about the use of generative AI in creating scam emails. This threat is further reflected in research commissioned by Darktrace, which recorded a 135 percent increase in phishing attacks from 2023, in part due to ChatGPT.
The use of ChatGPT for infiltrating vessels has many associated effects for the maritime industry. Cybercriminals are motivated by the financial gains associated with these attacks, having the potential to disrupt global trade and be costly for industry operators. To safeguard vessels from such attacks, increased security measures such as staff training around identifying phishing emails is essential. The original article also mentioned OpenAI and its CEO, Sam Altman, as the company behind the development of ChatGPT. OpenAI is an artificial intelligence research laboratory constituted in 2015 with the goal of developing safe, trustworthy AI. Sam Altman is the current CEO of OpenAI and a partner at Founders Fund, a Silicon Valley venture capital firm. To conclude, ChatGPT has demonstrated its ability to make cyberattacks easier to execute, and the maritime industry must be aware of the potential risks that come with its use.
