Marlink has released its Security Operations Centre (SOC) report for the latter half of 2024, revealing that maritime users are increasingly targeted by sophisticated cyber threats.
The report indicated that cybercriminals had refined their strategies, improved operational efficiency, and incorporated new technologies to enhance their attack capabilities.
Over the six-month period leading to December 2024, Marlink’s global SOC network monitored 1,998 merchant and leisure vessels, documenting significant security activity, including nine billion security events and 39 billion firewall events.
The report also noted 718,000 alerts and 10,700 malware incidents, alongside the management of 50 major incidents.
Email was one of the most commonly exploited vectors for cyberattacks, with users being targeted through phishing schemes, malware-infested attachments, and misleading links, according to the report.
A notable trend identified in the report is the rising use of generative artificial intelligence (genAI) among cybercriminals.
Hackers utilised large language models (LLMs) to expedite malware creation, automate phishing efforts, and improve social engineering methods.
This development has contributed to a notable increase in AI-assisted cyberattacks, with some actors employing genAI to craft malicious scripts and exploits targeting known cybersecurity vulnerabilities (CVEs).
The data from the report underscored the necessity for more robust enforcement of software policies, improved endpoint control, and heightened user awareness aboard vessels, according to Marlink.
The report revealed a shift towards a more organised cybercriminal ecosystem, with access brokers gaining prominence.
According to the company, the market for network access doubled in the past year, as cybercriminals increasingly relied on these services to infiltrate corporate environments.
Marlink Cyber president Nicolas Furgé said: “H2 2024 saw a marked evolution in cyber threats, as malicious actors adopted increasingly efficient, structured, and business-like approaches to cybercrime, putting additional pressure on the maritime industry.
“Looking ahead to 2025, the cybersecurity landscape is expected to become increasingly complex and challenging, increasing the pressure on users to improve protection of assets and people.”
The complexity of these evolving cyber threats underscores the necessity for enhanced security measures and better cyber hygiene practices, according to Marlink.
For 2025, the report forecasted AI-powered cyberattacks, along with ransomware attacks, will continue with a focus on exploiting vulnerabilities within the supply chain to infiltrate networks and interrupt operations.
Cybercriminals are also likely to take advantage of vulnerabilities within 5G infrastructure to execute large-scale Distributed Denial of Service (DDoS) attacks and increasingly target Internet of Things (IoT) and Operational Technology (OT) infrastructure.
Marlink continues to operate a comprehensive network of SOCs, focusing on both IT and operational technology (OT) solutions through its dedicated Marlink Cyber operation.
Last month, Marlink introduced the External Attack Surface Management (EASM) solution to proactively detect and address potential cybersecurity threats for clients.