The Coast Guard’s Cyber Command Intelligence Department alerted maritime stakeholders last week that typosquatting campaigns by cybercriminals continue to target the maritime transportation system.
Typosquatting targets people who, as the name suggests, make a mistake when typing a URL into a web browser. Users may then be directed to a malicious website that embeds the common misspelling in its URL while posing as a legitimate website. Once on the fake website, the user may be tricked into revealing sensitive information.
Maritime Cyber Alert 01-22, issued by the US Coast Guard Cyber Command in March, reported “a recent increase in the number of malicious actors using spoofed commercial websites to target the maritime transportation system (MTS)”.
“Several MTS partners have discovered well-constructed bogus websites impersonating their legitimate business websites. These sites are presumably created to steal information or install malware on customer devices interacting with the sites,” says the alert. “These spoofed websites are not designed to directly impact the maritime organization, but resemble watering hole type attacks where the intended targets are individuals and entities visiting the site. The spoofed websites are professional looking and quite sophisticated, some of them in the form of .com domains. This level of detail can make it difficult to distinguish between a real site and a scam site.”
The USCG said last Friday that the attacks continue as “malicious cyber actors continue to usurp the domains of US port facilities using typosquatting techniques in an attempt to redirect users to malicious websites bearing similar domain names”.
Misspellings of several US port facility domains “have recently been recorded, likely for malicious purposes,” the USCG Cyber Command Intelligence Department reported, and “these occurrences have been analyzed and investigated.”
One way to deter typosquatting is for a shipping organization to claim common misspellings before malicious actors do.
“Organizations may intentionally register domains similar to their own to deter adversaries from creating typosquatting domains,” the USCG said. “Other aspects of this technique cannot be easily mitigated by preventive controls because they are based on behaviors performed outside the scope of corporate defenses and controls.”
The USCG also recommended that shipping organizations consider using services such as WHOIS databases that can help track newly acquired domains. “In some cases, it may be possible to pivot on known domain registration information to uncover other infrastructure purchased by the adversary,” the alert noted. “Consider monitoring domains created with a structure similar to yours, including under a different TLD.”
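One way to implement the monitoring recommended above, as an added example that is not part of the USCG alert or of this article: it compares each name in a feed of newly registered domains against a protected domain and flags the same name under a different TLD, hyphen variants, and close misspellings. The domain names are constructed placeholders, the feed is assumed to hold registrable names of the form `label.tld`, and the function names and the distance threshold of 2 are assumptions.

```python
# Added example: flag newly registered domains that resemble a protected one.
# All domain names here are constructed placeholders, not real indicators.

def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            d = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                d = min(d, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(d)
        prev2, prev = prev, cur
    return prev[-1]

def classify(candidate: str, protected: str, max_dist: int = 2):
    """Return a reason string if candidate resembles protected, else None.
    Assumes names are 'label.tld'; no public-suffix or IDN handling."""
    c_label, _, c_tld = candidate.lower().rstrip(".").partition(".")
    p_label, _, p_tld = protected.lower().rstrip(".").partition(".")
    if (c_label, c_tld) == (p_label, p_tld):
        return None                      # the organization's own domain
    if c_label == p_label:
        return "same-name-different-tld"
    if c_label.replace("-", "") == p_label.replace("-", ""):
        return "hyphen-variant"
    dist = osa_distance(c_label, p_label)
    # Short labels need a lower max_dist to avoid false positives.
    return f"typo-distance-{dist}" if dist <= max_dist else None

def review_feed(feed, protected):
    """Return (domain, reason) pairs worth an analyst's attention."""
    return [(d, r) for d in feed if (r := classify(d, protected))]

PROTECTED = "portofexample.com"          # constructed placeholder
NEW_DOMAINS = [                          # constructed sample feed
    "portofexmaple.com", "portofexample.net", "port-of-example.com",
    "portofexampel.org", "harborweather.com", "portofexample.com",
]

if __name__ == "__main__":
    for domain, reason in review_feed(NEW_DOMAINS, PROTECTED):
        print(f"{domain:24} {reason}")
```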
The USCG also recommended that maritime entities ensure cyber hygiene, including avoiding clicks on third-party links. “Treat all traffic passing through your network — especially third-party traffic — as untrusted until it is validated as legitimate,” the USCG said.
Cyber events can be reported to a local Harbor Coast Guard Captain or Coast Guard Cyber Command 24×7 Watch at 202-372-2904 or [email protected].
“Your willingness to comply and report in a timely manner helps the United States respond quickly and effectively and makes critical maritime infrastructure safer,” the USCG said.