How AI is Transforming Maritime Cybersecurity: Navigating the Storm Ahead

Generative AI Accelerates Change

At the end of 2022, a largely unknown company launched an application that soon became the fastest-growing app in history, reaching 1 million users within 5 days and 100 million active users within 2 months. This application is ChatGPT (where GPT stands for Generative Pre-trained Transformers). While there have been many advanced AI initiatives before and after ChatGPT, the free-to-use ChatGPT not only brought AI to become a common household name but also marked the point in time when AI changed the course of history.

In an era where generative AI is transforming all aspects of our lives, often dubbed the 4th industrial revolution, shipping professionals must understand how these resources can be misused to create cyber threats in the maritime industry.

While AI has become a powerful tool for boosting productivity, many malicious actors use this technology for personal, ideological, and financial gain. The UK National Cyber Security Centre recently predicted that AI will increase the volume and heightened complexity and impact of cyber operations as it will:

  • Lower barrier to entry to effective and scalable access operations even by novices, significantly uplifting social engineering, phishing, and password stealing, and contributing to increased ransomware threat.
  • Proliferate AI-enabled attack tools (e.g., malware) to novice cyber actors.
  • Reduce the time between the release of security updates to fix newly identified vulnerabilities and the time threat actors exploit the unpatched software.
  • Enhance the ability of threat actors to identify high-value targets, resulting in higher impact from cyber-attacks.

“Cyber resilience challenges will become more acute as the technology develops. To 2025, GenAI and large language models (LLMs) will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine or to identify phishing, spoofing, or social engineering attempts” (UK NCSC)

A Gartner publication also lists “AI-enhanced malicious cyber attacks” as the most commonly cited emerging risk to enterprise businesses in 2024, having both the highest potential impact and fastest evolution, and referencing both internal and external malicious use of AI.

Emerging AI Maritime Cybersecurity Risks  

AI impacts many aspects of cybersecurity threats. Still, the origin of these threats is the same as ever, ranging from individual bad actors to large organized crime syndicates up to state-backed cyber attackers. The motivations of these cyber criminals can be financial or ideological, but either way, they disrupt supply chains and compromise sensitive data. The primary methods of attack are Phishing and Malware (including ransomware). In addition, the adoption of AI by companies also introduces a new form of attack called AAI which aims to subvert the functionality of AI systems.

 

Phishing and Deep Fake 

In May 2024, an employee at the British engineering firm Arup in Hong Kong was duped into moving $25 million USD of company funds to a fraudulent account. While the employee was initially skeptical of the request, he was convinced upon being added to a Zoom call that used AI deepfake technology to replicate the voice and likeness of high-level company executives.

Phishing, an application of social engineering, is a strategy in which the attacker impersonates an individual or organization to gather confidential information and/or lure the target into installing malware. In the last decade, technological advancements have given cybercriminals the tools to create realistic images, emails, and other deepfake methods to lure targets into compromising confidential data and access to an organization’s network. 

Phishing is the most frequent method of cyber attack, constituting 55%, with the frequency of occurrences increasing by 1,265 since 2022, largely attributed to generative AI. The following image, displaying a message created by ChatGPT, shows the simplicity of generating eloquent phishing emails. With more background information on the target, phishing becomes indistinguishable from reputable sources.

While traditionally, phishing was carried out largely through emails, new generative AI capabilities enable misuse of deep fake images, videos and even complete online meetings (as in the Arup incident) in order to exfiltrate sensitive information from employees.

 

Malware

Malware, including viruses and worms, is prevalent in the maritime sector. With AI, resources for threat actors have become more accessible, and it’s easier to create more complex attack tools or accelerate the development of new attacks once a new vulnerability is published. 

Malware uses either Phishing to install its payload or direct attacks that exploit vulnerabilities in devices exposed to the internet. Once the network is compromised, Ransomware, which encrypts data and demands payment for the key, is the most common malware in maritime cybersecurity. Ransoms can reach millions of dollars, damaging the company’s reputation while data and even operational control over ships is withheld.

One of Europe’s largest hubs of international trade, the Port of Lisbon, was hit with an attack by the pro-Russian AI-powered program LockBit in 2022, forcing the port to temporarily shut down its website until $1.4 million was paid. While the ransomware was confined without severe harm, this reflects a growing pattern of ransomware attackers targeting shipping companies. This incident highlights the vulnerability of critical infrastructure to cyber threats. 

As AI evolves, so does malware’s scope and complexity. Generative AI is capable of helping to automate code, allowing even inexperienced threat actors the ability to write convoluted programs. This includes the growing threat of polymorphic malware, which can mutate and encrypt its code. Attacks can range in effect, from individual crewmembers to entire fleets if the malware can take advantage of vulnerabilities in the network.

AI also accelerates activities from existing threat actors. In one case, an exploit of a newly published bug in MOVEit, a very common remote file transfer application, was found in use within hours of the publication.

 

AAI: Hacking the Cybersecurity AI Algorithm

As AI adoption becomes more widespread, a new type of malware emerges that is specifically tailored to manipulate AI models. This can be used to bypass limitations and restrictions integrated into AI models, for example – producing explicit images in image generation services, but also to evade, bypass, or otherwise overcome AI used by cybersecurity solutions. This is called Adversarial AI (AAI), and there are two main forms of AAI:

  • Poisoning Attacks: Malware that adds harmful data to a machine learning model, either at the training or execution phases. This tricks the model into making mistakes or acting incorrectly outside of design parameters. Attackers use these attacks to manipulate outcomes, reduce accuracy, create hidden triggers for malicious actions, evade detection, and even reverse-engineer training data, thus exposing confidential information.
  • Evasion Attacks: Evasion attacks involve tricking an AI model into making wrong decisions by feeding it specially crafted inputs. For example, phishing emails that contain a visible part prompting the recipient to click on a link but also an invisible, hidden portion containing benign text intended to deceive AI/ML algorithms of spam filters by mimicking “known good” communication. These attacks aim to bypass security measures, such as antivirus software or spam filters.

To mitigate those risks, it’s crucial to ensure you have a multi-layered defense that constantly monitors assets, networks, communications, and configurations, so even if one protection point fails, you can still identify the risk and react quickly before it’s too late.

 

 

AI as a Defense against Maritime Cybersecurity  Threats

While AI has risen as a prominent accelerator for cyber threats facing maritime activity, the use of AI tools also serves to fight these new threats, not only by improving cyber defenses but also as a tool to simplify processes for better adoption of and adherence to good cyber hygiene.

Improving Technology

Just as generative AI has improved the efficiency and frequency of malware, this technology also improves the reach and efficiency of technologies that counter cyber threats. A few examples of how AI assists in cyber protection include:

  • Significantly improving anomaly detection beyond traditional methods. New AI models benefit from unprecedented capabilities to analyze huge quantities of unstructured data and find relevant patterns. But for the models to work efficiently they need to be properly trained. For example, Cydome employs AI that was specifically trained on maritime data to achieve much better results in identifying anomalies and threats and assisting cybersecurity processes and protocols/playbooks.
  • Making cyber protection information more accessible even to non-professionals, thus improving decision-making and reducing incident response time. Cydome’s AI assistant uses AI in order to accurately calculate risk calculation (of devices, networks, vessels) taking into account multiple parameters, including the context of different events, and assists in recommendations.
  • Automating more processes that previously needed to be executed manually, as it’s easier to automate processes using AI rather than hard-coding various processes and decision points.

 

 

Conclusion

As the maritime industry is undergoing a digital transformation and transitioning to a risk-based approach to cybersecurity, the amount of information processing that needs to take place in order to identify, manage, and respond to cyber events mandates deep use of AI for cyber protection.

While generative AI poses significant threats to the maritime security market, it also offers powerful tools to mitigate those challenges. As technology continues to advance, so will the sophistication and frequency of these attacks, but so will the efficiency of cybersecurity.

You are invited to leave your details and book a session with our expert.
share the article
Skip to content