SideWinder, a cyber-espionage group that has been active since at least 2012, has reportedly increased its attacks on organizations within the maritime and logistics sectors. This concerning development has drawn attention from industry experts, prompting commentary from William Wright, the CEO of Closed Door Security.
Wright describes SideWinder as a significant threat actor, primarily known for espionage directed at governments and military organizations. The shift towards targeting the maritime space is intriguing, with motives likely revolving around information gathering and reconnaissance on their victims.
The maritime industry holds substantial importance in the global supply chain, with vessels functioning as mobile data centers that store sensitive information. The type of critical data present on ships can include navigation systems and details related to military or sensitive cargo.
This highlights why SideWinder’s intentions may be focused on gathering intelligence that could further its agenda. Wright emphasizes the need for heightened awareness among employees in the maritime sector, as the group is reportedly utilizing phishing techniques to target individuals.
He advises that staff should be trained to critically evaluate the authenticity of emails before engaging with links or attachments. Moreover, the fact that SideWinder is exploiting a publicly known Common Vulnerability and Exposure (CVE) indicates that there are significant gaps in cyber hygiene practices within the industry.
While it is understood that updating vessels may not occur as rapidly as IT environments, allowing vulnerabilities to remain unaddressed for extended periods—up to seven years—is viewed as inadequate risk management. In light of these developments, a proactive approach towards cybersecurity in the maritime domain is now more crucial than ever.