Resecurity (USA), a leading cybersecurity firm, has issued a stark warning about the growing wave of cyber attacks targeting port authorities and maritime operators. Their latest threat intelligence highlights a surge in sophisticated attacks—ranging from ransomware to supply chain intrusions—aimed at disrupting global shipping, port operations, and critical maritime infrastructure. The company forecasts that these cyber threats will intensify through 2030, driven by geopolitical tensions and the increasing digitalization of the maritime sector. Marine insurance and war-risk premiums surged drastically, further crippling cargo transit through the major global trade hubs.
The wars in Iran and Ukraine, have profoundly impacted Africa through severe energy shocks, soaring living costs, and disrupted supply chains. These systemic macroeconomic impacts, global companies have documented at least $25 billion in direct financial losses. While these conflicts are geographically distant, Africa’s reliance on imports and global supply networks has made its economies highly vulnerable to these external disruptions.
The convergence of operational technology (OT) and information technology (IT) in ports has created new vulnerabilities, with attackers targeting these integration points. According to International Maritime Organization (IMO), the strategic significance of maritime infrastructure—handling up to 90% of global trade—makes it a prime target for disruptive and espionage-driven cyber operations.
The maritime sector’s rapid digital transformation—integrating technology platforms—has expanded the attack surface, making it easier for adversaries to exploit vulnerabilities. Hybrid warfare tactics such as GPS spoofing and AIS manipulation are increasingly prevalent, especially in regions affected by conflict. To increase awareness among security professionals, Resecurity released a case study with an analysis of Anubis Ransomware affecting one of the major port authorities in the EU, highlighting an example of confirmed malicious cyber activity with kinetic effects.
Recent severe ransomware attack orchestrated by the Anubis ransomware group targeted the Adriatic Port Authority in EU, affected its operations and disrupted maritime logistics across the region. In the result of the targeted attack sensitive data including detailed safety plans, staff members records, and communications have been stolen. Anubis ransomware is a notorious malware strain known for its ability to encrypt victims’ files and demand hefty ransoms in cryptocurrency for their release. Cybecriminals were demanding 10 million dollars to return victim back to operations.
Cyber attacks targeting port authorities have proven capable of causing disruptions and economic damage comparable to those inflicted by kinetic attacks. For example, cyber attack against Transnet, which operates major South African ports, disrupted container operations at the ports of Cape Town and Durban. A significant build-up in containerized cargo was observed after the port resumed operations a week. This equivalence was vividly illustrated during the Iran-Israel cyber conflict, particularly with the Israeli cyber operation against Iran’s Shahid Rajaee Port in the past, and the Port of Nagoya ransomware attack which brought operations to a standstill and mirrored the chaos of a physical strike.
Resecurity provides a comprehensive portfolio of cybersecurity solutions and services designed to protect these environments from emerging threats – by proactive vulnerability assessment. The experts highlighted the importance of implementing best practices for maritime cyber risk management, which are integrated into the International Safety Management (ISM) Code and Safety Management Systems (SMS), and the International Association of Ports and Harbors (IAPH) Cybersecurity Guidelines.
