Cybercriminals adopt generative AI and advanced tactics, posing escalating risks to maritime operations
Maritime connectivity provider Marlink has released its latest Security Operations Centre (SOC) report covering the second half of 2024, highlighting an alarming rise in AI-driven cyber threats targeting the global maritime industry.
The report, compiled from Marlink’s monitoring of nearly 2,000 merchant and leisure vessels, recorded a staggering nine billion security events and 39 billion firewall events over six months. A total of 718,000 alerts and 10,700 malware incidents were logged, with 50 major incidents managed by the company’s SOC network.
According to the report, cybercriminals have evolved into more efficient, structured, and business-like organizations, leveraging generative AI (genAI) tools to create malware, automate phishing campaigns, and improve social engineering tactics. The adoption of large language models (LLMs) has accelerated the development of malicious scripts and the exploitation of known cybersecurity vulnerabilities (CVEs).
“H2 2024 saw a marked evolution in cyber threats, as malicious actors adopted increasingly efficient, structured, and business-like approaches to cybercrime, putting additional pressure on the maritime industry,” said Nicolas Furgé, President of Marlink Cyber. “Looking ahead to 2025, the cybersecurity landscape is expected to become increasingly complex and challenging, increasing the pressure on users to improve protection of assets and people.”
One of the most commonly exploited attack vectors in the maritime sector continues to be email, with phishing, malware-laden attachments, and deceptive links posing serious threats to onboard users.
The report also observed a growing market for network access, with access brokers playing a key role in cybercriminal supply chains. The trade in corporate network entry points reportedly doubled in 2024, underlining the increased organization and collaboration among threat actors.
To address these evolving threats, Marlink emphasized the need for stronger software policy enforcement, tighter endpoint control, and heightened cybersecurity awareness among maritime personnel.
In response to the rising threat level, Marlink recently introduced a new External Attack Surface Management (EASM) solution to help clients detect and mitigate potential vulnerabilities before they are exploited.
Looking forward, the SOC report predicts that AI-powered and ransomware attacks will remain prominent in 2025, with threat actors increasingly targeting supply chains, 5G infrastructure, and Internet of Things (IoT) as well as Operational Technology (OT) systems to disrupt operations and extract financial gains.
With cyber threats becoming more intelligent and insidious, Marlink reaffirmed its commitment to delivering integrated IT and OT cybersecurity solutions through its global network of SOCs.
