As the most universal method of electronic communication yet devised, e-mail is inescapable – even at sea. Yet its ubiquity makes it an attractive target for hackers. Fortunately, GTMaritime has plenty of ways of stopping malicious mails stowing away on vessels, says Jamie Jones, head of service at GTMaritime.
Email has been part of our computing lives for more than four decades. It’s the most reliable, most universal communication method yet devised online. It’s free and easy to start using, everyone understands what it is, and it offers a way to reach absolutely anyone. It’s no wonder then that more than 250 billion messages are hurtling around cyberspace every day.
The vast majority of the messages flitting from server to server – and we’re talking upwards of 90 per cent according to some – are junk.
The offenders include harmless but irritating marketing spam. However, a significant share contain more dangerous payloads. Today, seemingly innocent emails can be used to trick end users into parting with information or to click on links which trigger malicious activity. Others may target specific types of user through social engineering: the email itself does not contain any harmful code but the apparent originator and method of entry into the network can fool the recipient into carrying out a process which may result in lost revenue.
Electronic communication is now as embedded in life at sea as it is on land. Crew use it for everything: from procuring supplies and spare parts, to submitting paperwork to ports and other authorities, and discussions with shore-based engineers on how to fix equipment that isn’t behaving as it should. Email can scale from short messages to long, and from quick-fire conversations to the sorts that unfold over weeks and months. This intrinsic flexibility means nowadays crew contend with the same unremitting stream of messages and overflowing inboxes as the rest of us.
Modern clients come with features like automated prioritisation, thread management and one-click unsubscribe that can help manage the mountain of messages if you let them. However, in the constant battle to reduce the number of unread messages, users can sometimes rush and miss the warning signs that expose spoof messages and phishing attempts.
“Dealing with email is an additional cognitive burden on crew who already shoulder responsibility for ensuring the safety of multi-million dollar vessels,” says Jamie Jones, head of service at GTMaritime. Integral to the company’s GTMailPlus solution, for example, is a mail filtering system that protects systems from cyber-threats by continually scanning and sifting millions of email messages before they are beamed onboard by satellite.
“Cybercriminals have become much more adept at disguising spoof messages,” adds Jones. “They do their homework into their target audience and compose messages that are unnervingly realistic and plausible. Users need increasingly sophisticated understanding of the content and context of every email they receive to sniff out a rat – and that’s an unrealistic expectation, especially when options are available to automate that task.”
Today more than 5,000 ships rely on GTMaritime’s technology, which lightens the burden on seafarers and protects operators against financial loss or worse by employing techniques that methodically scrutinise all incoming traffic and stop suspect messages from crossing the virtual gangplank.
As more vessel operators sign up to a service that typically acts as a shipowner’s first line of defence against cyberthreats landing onboard, the UK-based firm has invested heavily in developing its network and servers to maximise resilience and upgrade their sleuthing capabilities. On a typical day, the company’s mail gateways now handle almost 300,000 messages headed for ships in a variety of market segments worldwide – amounting to 105 million messages per year.
Before mail can enter the GTMaritime network, the sending server is checked against multiple reputable blacklist organisations. Servers that do not comply with proper configuration standards are denied a connection.
After a connection is established with a reputable mail relay server, each inbound message undergoes a preliminary inspection to confirm its originating IP address, previous relay servers, sender’s address, domain lookups and to detect unusual message headers. Links contained in the body of the message are cross-referenced against domain blacklist databases.
Any discrepancy or suspect practice adds to an overall spam score, and messages are rejected if they exceed a preconfigured threshold. Only after passing this initial inspection are messages allowed into the client’s relay servers.
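The scored inspection described above can be sketched as follows. This is an added illustration, not GTMaritime's code: the blocklist entries, weights, threshold and both sample messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed listings, weights and threshold: assumptions, not GTMaritime values.
IP_BLOCKLIST = {"203.0.113.45"}
DOMAIN_BLOCKLIST = {"port-fees.example"}
WEIGHTS = {"relay_listed": 3.0, "sender_mismatch": 2.0,
           "link_listed": 3.0, "missing_header": 1.0}
THRESHOLD = 5.0

SPOOF = """\
Return-Path: <bounce@bulk-mailer.example>
Received: from relay.bulk-mailer.example ([203.0.113.45]) by mx.gateway.example
From: "Port Authority" <accounts@harbour-office.example>
Subject: Overdue port fees

Pay within 24 hours: http://pay.port-fees.example/invoice
"""
CLEAN = """\
Return-Path: <agent@chandler.example>
Received: from mail.chandler.example ([198.51.100.7]) by mx.gateway.example
From: agent@chandler.example
Date: Mon, 01 Jan 2024 10:00:00 +0000
Message-ID: <1@chandler.example>

Quote attached: https://chandler.example/q/1
"""

def domain_of(header_value):
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def score_message(raw):
    """Return (score, findings, verdict) for one raw RFC 5322 message."""
    msg, findings = message_from_string(raw), []
    for hop in msg.get_all("Received", []):          # every relay in the chain
        for ip in re.findall(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", hop):
            if ip in IP_BLOCKLIST:
                findings.append(("relay_listed", ip))
    sender, envelope = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if sender and envelope and sender != envelope:    # header vs envelope sender
        findings.append(("sender_mismatch", f"{sender} != {envelope}"))
    for name in ("Date", "Message-ID"):               # unusual header set
        if name not in msg:
            findings.append(("missing_header", name))
    body = "".join(p.get_payload() for p in msg.walk() if not p.is_multipart())
    for host in sorted(set(re.findall(r"https?://([^/\s:>\"']+)", body.lower()))):
        if any(host == d or host.endswith("." + d) for d in DOMAIN_BLOCKLIST):
            findings.append(("link_listed", host))
    score = sum(WEIGHTS[kind] for kind, _ in findings)
    return score, findings, "reject" if score > THRESHOLD else "relay"
```

No single finding crosses the threshold on its own; the constructed spoof is rejected because a listed relay, a mismatched sender, missing headers and a listed link domain add up.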
Phishing attempts commonly prey on recipients who are inexperienced or too busy to pay proper attention to what they are seeing. Whilst no software can directly control the action of an end user, cybercriminals are practised at using language and psychological tricks to coerce users into carrying out manual steps which allow or initiate harmful activity. A common tactic is to threaten users with some sort of penalty unless they follow instructions. GTMaritime has added functionality designed to evaluate email content and identify known phishing tactics and warn the recipient of suspect content.
The GTMailPlus Advanced Threat Protection (ATP) service introduced deep content inspection, which can detect a new breed of stealth malware designed to fly under the radar of traditional anti-virus solutions. Deep content inspection works by testing the payload’s behaviour in a ‘sandboxed’ virtual environment – effectively a computer inside a computer – instead of simply checking its surface for known signatures.
Crucially, the whole infrastructure is designed to be scalable. That is to say, it can respond almost immediately to accommodate unexpected spikes in traffic, as well as cope with a general upward trend in data flow between ship and shore as vessel owners increasingly adopt digital solutions.
GTMaritime also ensures service resilience by operating across multiple servers and splitting scanning and filtering across five data centres, three in Ireland and two in Germany. “This level of infrastructure is all about investing in future-proof resilience in a way that addresses the steep climb in the number of messages and attachments darting between ship and shore,” says Jones.
“Email is now integral to day-to-day vessel operation, and this isn’t going to change. In fact, we are seeing a steady growth in message traffic as owners and operators look to embrace digital and IoT technologies.”
Email is also often used as the carrier for getting IoT data to shore, as it is always available, simpler than a bespoke cloud solution and typically requires less investment. With no human-in-the-loop, these machine-to-machine transmissions won’t fall for social-engineering tricks and click through links to spoof websites or open unsafe attachments.
In fact, whether loved or loathed, email is here to stay. “When it was invented more than half a century ago so that university academics could share their research, security wasn’t a priority, because no one foresaw the rise of malevolent actors abusing the technology for criminal gain,” says Jones. “If they had, things might have panned out differently. But it’s too late to turn back the clock and start again. So, at sea just as much as anywhere else, we have to do the best we can to adapt and minimise the negatives.”
Author: Jamie Jones, head of service at GTMaritime. The original article can be viewed on page 39 in the June/July issue of the VPO magazine.