Cybersecurity firm Resecurity has warned that port authorities and maritime operators face a growing risk of cyber attacks, citing a recent ransomware incident targeting an Adriatic port authority in Europe as evidence of increasing threats to critical maritime infrastructure.
In a new threat intelligence report, the company said ransomware groups and other threat actors are increasingly targeting ports, shipping operators, and logistics networks as geopolitical tensions and digitalization expand the sector’s cyber attack surface.
The warning follows a ransomware attack attributed to the Anubis group that disrupted operations at the Adriatic Port Authority and affected maritime logistics in the region.
According to Resecurity, attackers exfiltrated sensitive information, including safety plans, employee records, and internal communications, before demanding a $10 million ransom.
The company said the incident demonstrates how cyber attacks can generate operational and economic effects comparable to physical disruptions.
Adriatic Attack Highlights Growing Risks
The maritime industry is increasingly reliant on interconnected operational technology and information technology systems, creating new entry points for attackers at those integration points.
The sector’s growing dependence on digital platforms has also heightened concerns over vulnerabilities that could impact cargo movements, port operations, and global supply chains.
According to the International Maritime Organization, maritime infrastructure handles roughly 90 percent of global trade, making it a strategically significant target for cyber espionage and disruptive operations.
Resecurity said the Anubis group has been linked to the exploitation of internet-facing systems, often through known but unpatched vulnerabilities.
The company identified several commonly targeted technologies, including SonicWall VPN appliances without multi-factor authentication, Cisco SSL VPNs, SolarWinds Web Help Desk software, and the recently disclosed CitrixBleed 2 vulnerability.
The report also highlighted a rise in hybrid tactics affecting maritime operations, including GPS spoofing and manipulation of Automatic Identification System (AIS) signals, particularly in regions impacted by ongoing conflicts.
The company drew comparisons with previous cyber incidents that disrupted port operations worldwide, including attacks on South Africa’s Transnet ports operator, the ransomware attack that halted operations at Japan’s Port of Nagoya, and a reported Israeli cyber operation against Iran’s Shahid Rajaee Port.
Such incidents, it said, demonstrate the potential for cyber attacks to cause significant delays, cargo backlogs, and financial losses.
Threats Expected to Grow
Broader geopolitical instability has heightened concerns about maritime security.
Conflicts in Ukraine and the Middle East have already disrupted global supply chains, increased shipping costs, and driven up marine insurance and war-risk premiums, placing additional pressure on international trade routes.
Resecurity expects these pressures to compound cyber risks as geopolitical instability gives threat actors both motive and cover for targeting critical maritime infrastructure.
The company expects cyber threats against maritime organizations to intensify over the coming years as ports continue modernizing their operations and integrating digital technologies.
The company urged port operators and maritime organizations to strengthen cyber defenses through proactive vulnerability management and adherence to maritime cybersecurity frameworks, including the International Safety Management Code and cybersecurity guidelines developed by the International Association of Ports and Harbors.
