Researchers at the University of Twente, led by Georgios Michail Makrakis, have developed a novel cybersecurity approach to combat the rising tide of cyber threats in the maritime industry. Their work, presented in the paper “Salty Seagull: A VSAT Honeynet to Follow the Bread Crumb of Attacks in Ship Networks,” introduces a honeynet designed to simulate a VSAT (Very Small Aperture Terminal) system commonly used on ships. This innovative system aims to gather valuable insights into ongoing attack campaigns targeting maritime networks.
The maritime industry has increasingly become a target for cyberattacks, with ships’ specialized and interconnected network infrastructures posing significant vulnerabilities. Legacy systems and operational constraints further exacerbate these risks. To address this, the researchers propose the use of cyber-deception techniques, specifically honeynets, which are decoy networks designed to attract and study cyber attackers. The Salty Seagull honeynet is engineered to mimic the operations of a functional VSAT system onboard ships, allowing users to interact with it through a web dashboard and a command-line interface (CLI). By integrating known vulnerabilities into the system, the researchers aim to increase attacker engagement and gather more detailed information about their tactics and methods.
The Salty Seagull honeynet was exposed to the Internet for 30 days to assess its effectiveness. During this period, the researchers observed numerous generic attacks. However, only one attacker demonstrated a deep understanding of the system’s nature and vulnerabilities, successfully accessing the honeynet without fully exploring its potential. This finding highlights the effectiveness of the honeynet in attracting sophisticated attackers and provides valuable data on their behavior and techniques.
The practical applications of this research are significant for the maritime sector. By deploying honeynets like Salty Seagull, shipping companies and maritime organizations can gain a better understanding of the threat landscape, identify emerging attack patterns, and develop more robust cybersecurity measures. The insights gained from these decoy networks can inform the development of more effective defense strategies, ultimately enhancing the security of critical maritime assets.
The work of Makrakis and his team represents a proactive step towards securing the maritime industry against cyber threats. Their innovative use of honeynets offers a promising approach to studying and mitigating cyberattacks, providing a valuable tool for cybersecurity professionals in the maritime sector. As cyber threats continue to evolve, such research is crucial in staying ahead of attackers and safeguarding the integrity and security of maritime operations. Read the original research paper here.