Report: Maritime Cyberattacks Doubled in 2025
The prevalence of maritime cyberattacks doubled in 2025, according to Korean security firm Cytur, led by an explosion of malware and distributed denial of service (DDoS) incidents. Some of the most concerning examples involved a high-level penetration of the shoreside supply chain, giving the attackers useful information about systems (or even remote access) at a fleet level. Others extended to worst-case scenarios: destroyed equipment, hacked ECDIS chart systems, and remote control of ballast valves.
Hackers are getting better at targeting shipping, Cytur's report shows, and they have a reason: money. Access is the same as ever - exploiting unwitting crewmembers via phishing emails; breaching unprotected public wifi used by the crew; or sneaking aboard via a hacked USB drive, whether by bribing a crewmember to use the drive or by accident. But Cyber threat actors are finding more ways to monetize vessel information, whether by encrypting it, holding it hostage and demanding a ransom from the operator, or by stealing it and selling it to third parties on the Dark Web.
Illicit items found for sale online include voyage logs, cargo manifests, ship design schematics and the personal information of the crew, according to Cytur. Often the operator will pay to avoid having their internal records released: one common ransomware attack involves encrypting the ship's Planned Maintenance System (PMS), forcing the operator to pay in order to recover the voyage's logs. Ransomware attacks and data theft are often found in high-traffic regions, like Asian waters and major hub ports, Cytur said.
Another common form of attack is distributed denial of service (DDoS), a brute-force swarm of automated activity that swamps a network and crowds out legitimate traffic. Hackers may hijack vulnerable onboard routers and other IT infrastructure, then use it to send so many requests that it overwhelms the capacity of the ship's satcom connection, temporarily rendering the ship unable to exchange messages with the home office.
More concerning, though, are hacks targeted at disabling or hijacking ship systems. The "Lab Dookhtegan" ("sewn lips") attack on Iranian tonnage last year was a concerning example. The threat group systematically targeted an Iranian satcom provider, Fanava, to carry out an attack high up the digital supply chain for Iran's state-owned fleet of tankers. After penetrating Fanava, Lab Dookhtegan obtained fleetwide control over ship to shore VOIP services, making it harder for the vessels to communicate with the home office or with port officials.
While in possession of access to the ships' networks, the Lab Dookhtegan group stole corporate documents belonging to Iranian state firms NITC and IRISL, then released them online. When done with its access mission, it destroyed the ships' modems by overwriting partitioned memory; physical replacement of the hardware was required.
Another advanced supply chain attack occurred in October, when Japanese radar and ECDIS builder Furuno was hit by ransomware. The hacking threat group, known as Rhysida, stole Furuno's internal data and threatened to release it; meanwhile, it encrypted the firm's data, disabled backup servers and demanded payment. The attack temporarily interfered with service, updates and parts shipments for Furuno.
Most concerning may be hacking attacks on operating technology (OT), like engine control systems and ballast water systems. Cytur warned that the remote access communications protocols baked into equipment electronics - used by OEM troubleshooting teams to remotely diagnose errors and make changes - remain a vulnerability. If a hacker could remotely control engine output, or ballasting, the results could be catastrophic.
Going forward, Cytur anticipates that AI agent-assisted attacks will become more prevalent, and that this year will be the beginning of an era of "autonomous attacks" with largely or fully AI-directed hacking campaigns. This will de-skill cyber crime, opening up the door to a larger number of would-be hackers, the consultancy predicts.
"The incident data from 2024 and 2025 proves that maritime cybersecurity is no longer an ‘option’ but a matter directly linked to a vessel’s ‘right to operate,'" said Cho Yong Hyun, CEO of Cytur.
From Sea to Sky
Satellite Service Providers Lift the Maritime Industry into the New Space Age
(Article originally published in Nov/Dec 2025 edition.)
Nestled within the aptly named Post Office Bay on Galapagos' Floreana Island sits a relic of analog communication.
A barrel beckons visitors to pitch in their unstamped postcards in the hopes that a passer-by bound for the addressed location retrieves the epistle and ferries it to its destination. If, say, you were a tourist from Palm Beach, Florida and you found a missive to Miami in the barrel, you might take it with you and hand-deliver it to the addressee upon your return home.
The contrivance harkens back to the eighteenth century when northbound English whalers on their way to Alaska's bountiful seas might drop off mail bound for home and pray that mariners headed for the Atlantic might pick it up – a process that might take weeks or months.
The invention of the telegraph in 1837 dramatically sped up maritime communications, reducing the time it took a message to cross the Atlantic to less than a day. Now, thanks to satellites, communications at sea across nearly the entire planet move at light speed, whether for emergency alerts or daily correspondence.
The number of satellites has increased exponentially in recent years due to the rapid growth of mega-constellations like Starlink and Eutelsat's OneWeb. These networks provide broadband Internet from Low Earth Orbit (LEO), the orbital shell some 100 to 1,200 miles above Earth.
LEO satellites complement traditional connectivity enabled by networks of L-band satellites and VSAT (Very Small Aperture Terminal) antennas. Many L-band satellites sit in geostationary orbit 22,236 miles above Earth. This distant vantage allows satellites to see nearly half the planet at once, making them useful for communications and monitoring. Latency is high, however, challenging real-time interactions. That's where LEO mega-constellations, much closer to Earth, offer an advantage.
HYBRID CONNECTIVITY
Maritime providers around the world are helping shipowners take advantage of both next-generation and legacy satellite services with streamlined, multi-orbit solutions.
While combining them can seem confusing, companies like AST Networks simplify the process. In November, the U.K.-based company launched MODULA, a modular, pay-as-you-grow connectivity approach combining LEO, GEO, cellular, backup and safety services in a single managed solution.
Sally Hubble-Button, Global Corporate Communications Manager, explains, "Operators can choose the capabilities they need today and expand as their requirements evolve. Paired with AST's LinkBox – an intelligent routing device with a lifetime guarantee – MODULA ensures seamless network switching, cost-control and reliable connectivity – no matter where in the world you are."
Together, MODULA and LinkBox deliver a scalable, future-ready solution for shipowners.
Hybrid connectivity also strengthens the reliability and redundancy of communications for shipowners. Denmark-based Cobham Satcom's SAILOR XTR VSAT platform works across multiple frequency bands and satellite orbits including GEO, Medium Earth Orbit (MEO) and LEO, allowing use of high-throughput satellite networks like Inmarsat and THOR 7.
As a result, says Søren Egholm, Senior Vice President of Product Management & Marketing, "Vessels maintain consistent access to critical business and safety systems as well as connectivity for crew welfare, even in congested or remote maritime zones." For their part, satellite service providers have embraced third-party device integration as it helps future-proof shipboard systems and reduce operational downtime.
Intellian, the world's largest manufacturer of VSAT antennas for the maritime industry, is also enhancing safety and connectivity through optimized, integrated solutions. The South Korean company recently commercially launched its Iridium Certus® GMDSS Systems along with its compact and enterprise flat panel antennas including OW10HM and OW11FM.
"Designed to fully leverage the power of Iridium Certus Global Maritime Distress and Safety System (GMDSS)," states Jon Harrison, Vice President & Head of Sales for Europe, the Middle East and Asia (EMEA), "Intellian's complete, state-of-the-art C200 and C700M GMDSS Systems provide truly global coverage for the vessel, even in polar regions."
Both systems have received the Marine Equipment Directive Wheelmark and U.K. Marine Equipment Regulations Red Ensign approval. The C700 GMDSS System is the market's only one designed to harness the Iridium Certus 700 service. In a single terminal, it delivers Iridium GMDSS, Long-Range Identification and Tracking (LRIT) and Ship Security Alert System (SSAS) alongside dependable L-band connectivity for business data and voice services.
Intellian CEO Eric Sung adds, "These two new solutions reflect that deep market knowledge, combining our expertise with the power of Iridium Certus GMDSS to deliver safety systems that the maritime community can trust."
MANAGING CYBERSECURITY RISKS
As reliance on both satellites and digitalization grows across the maritime industry, cybersecurity is gaining urgency.
"With this increased volume of bandwidth comes a heightened cybersecurity risk," says Tore Morten Olsen, President of Maritime at Marlink, "the impact of which continues to grow as more maritime users are connected and higher volumes of data are transferred."
While the resilience, cybersecurity and anti-sabotage capabilities of satellite infrastructure are the operator's responsibility, satellite service providers can build maximum operational resilience for end users through innovations to terminal technology. These make use of a combination of L-Band, VSAT and flat panels across LEO, MEO and GEO orbits to maximize data speeds, efficiency and safety.
With its multi-orbit, multi-band technology, Intellian provides its customers the ability to maintain service continuity even if one specific network is targeted or compromised. The company's XEO Series allows customers to switch between Ku-band and Ka-band services from just one antenna without manually changing the RF feed while the V240MT antenna system enables alternating between MEO and GEO networks and between the C-, Ka-, and Ku-bands.
Intellian's Wideband Global Satcom naval antenna, ARC-M4 Block 1, takes things a step further as the first tri-band antenna to provide simultaneous X and MIL Ka-band service. "This capability is the single most powerful tool a customer has to mitigate a geopolitical or cyber attack," says Jon Harrison.
France-based Marlink provides a complete portfolio of cyber tools to help owners proactively prepare for, manage and respond to problems like jamming, GPS spoofing or geofencing of satellite services due to local regulatory regimes. Olsen explained that as part of upgrades to its Eik Teleport, an early maritime satellite communications receiving facility opened in Norway in 1976 to serve oil platforms in the North Sea, the company created Marlink Lab. The simulation facility lets shipowners sandbox adverse situations and develop strategies to enable their employees and crew to quickly respond to risks.
ROBUST SOLUTIONS
To ensure continuity of service in a threat-prone environment, shipowners are seeking robust solutions, which companies worldwide are developing.
A representative of Rhode Island-based KVH Satcom explains, "We see a growing demand among our customers for assistance in managing network and IT operations aboard vessels, especially as many fleets face resource challenges both in simply managing day-to-day onboard operations and the expanding array of cybersecurity regulations."
KVH's network solutions, like its CommBox Edge Secure Suite's Intrusion Prevention System, block harmful traffic in real-time by leveraging industry-leading cybersecurity and proactive monitoring technologies including Cisco Talos and Cisco Snort. KVH also offers a cybersecurity compliance program, which helps its customers maintain compliance with key industry regulations and training requirements.
As of 2021, in accordance with the IMO's Guidelines on Maritime Cyber Risk Management Resolution MSC.428(98), all shipowners must incorporate addressing cyber risks as part of their overall safety and security practices.
Cobham Satcom is also tackling cybersecurity issues across the maritime satellite communications ecosystem all the way from onboard terminals to ground segments and space. The company is continuously making hardware and software enhancements to SAILOR, its L-band maritime satellite terminal that uses the Iridium Certus network, and Sea Tel, which offers television at sea.
"On the cyber side, our engineering and product teams continuously implement security upgrades that protect against unauthorized access, malware injection and data interception," notes Søren Egholm. "This includes encrypted control channels, secure firmware updates and secure boot processes that help ensure the terminal cannot be manipulated or hijacked."
Spoofing and jamming of Global Navigation Satellite System (GNSS) signals are another set of threats Cobham Satcom is addressing. This kind of disruption can severely impact connectivity by preventing a ship's satellite terminal from locking onto the right satellite. The company is designing antennas and software to maintain tracking accuracy, resist external interference and enable continued operations even under challenging signal environments.
"The goal is not only to protect against deliberate cyberattacks or electronic warfare," Egholm adds, "but also to ensure continuity of service during periods of geopolitical instability, when connectivity becomes a mission-critical asset."
NAME OF THE GAME
As the world becomes more complex and unpredictable, enhancing resilience to both digital and RF (radio frequency)-based threats is crucial to maintaining secure and stable communications.
While the odd Galapagos tourist can live on a prayer and hope that their postcard will serendipitously reach its destination, shipowners cannot afford to leave things to chance. Today, speedy and uninterrupted communications spirited securely between sea and space are the name of the game.
The opinions expressed herein are the author's and not necessarily those of The Maritime Executive.
DetentionTrackr Launches AI-Powered Global Detention Intelligence Platform
[By: DetentionTrackr]
DetentionTrackr has officially launched, as a new maritime intelligence platform centralising global Port State Control (PSC) detention data, into real?time, actionable intelligence to drive greater efficiency and strategic decision-making across the industry.
In February, 72 vessels were detained across global ports, with 164 detentions recorded since the beginning of 2026 globally. Despite consistent enforcement activity, detention information remains fragmented across regional authorities.
“DetentionTrackr delivers a unified AI-driven view of active vessel detentions, enriched with detailed ownership and management intelligence,” said Thomas Cox, Co-Founder of the platform. “It represents a new category of maritime intelligence, transforming how the industry understands and responds to detention events.”
The platform aggregates live detention data and enhances each report with information including:
- Detailed vessel profiles
- Inspection and detention history
- Ownership structure and beneficial owner mapping
- Ship owner/manager identification and contact information
- Structured risk context
Active detentions are monitored every hour. Resolved cases are archived within the system to support contextual benchmarking and fleet analysis.
The platform is designed for:
- Ship managers seeking fleet benchmarking visibility and competitor performance insights
- Charterers assessing detention exposure prior to fixing vessels
- P&I clubs monitoring operational and compliance risk
- Technical suppliers responding to machinery, safety and deficiency-related detentions
- Maritime service providers addressing urgent operational gaps
- Port agents requiring early awareness of detained vessels within their regions
- Riding squads mobilising crews to rectify deficiencies and restore compliance
“PSC data is public but operationally fragmented,” said David Holly, Co-Founder at DetentionTrackr. “We built DetentionTrackr to transform dispersed inspection records into structured, actionable intelligence; empowering maritime professionals to make faster, more informed decisions.”
DetentionTrackr is now available for commercial subscription.
The products and services herein described in this press release are not endorsed by The Maritime Executive.
No comments:
Post a Comment