AI Adds To Growing Maritime Cyberthreats
How’s your cybersecurity plan?
In February, South Korean security firm CYTUR reported that maritime cyberincidents surged by 103 percent in 2025 compared to 2024. Distributed Denial of Service (DDoS), ransomware and malware infections accounted for most attacks, with their growth rate more than doubling over the past year. The attacks increasingly targeted operating systems of vessels, not just their information systems.
CYTUR reported that artificial intelligence-driven sabotage is expected to enter a new phase. In 2026, AI is expected to move beyond serving as a support tool to executing operations independently. One 2025 case involving a China-linked group showed that AI agents can perform up to 90 percent of the attack cycle, from vulnerability analysis to data exfiltration, without human intervention.
This lowers entry barriers, enabling less-skilled threat actors to conduct sophisticated, nation-state-level attacks at scale. It’s a big part of what is driving a sharp increase in attacks against maritime organizations.
The Port of Los Angeles’ Cyber Resilience Center is part of a broad, federally funded initiative to secure major U.S. maritime gateways. The Port of Long Beach unveiled a new Cyber Defense Operations Center (CDOC) to protect its digital infrastructure. Handling more than $300 billion in trade annually, the port reports blocking about one attempted cyberattack every three seconds.
The U.S. Coast Guard “Cybersecurity in the Marine Transportation System” final rule (published January 17, 2025) established the first comprehensive mandatory federal cybersecurity requirements for the domestic maritime sector. The rule, which adds Subpart F (Cybersecurity) to 33 CFR Part 101, became effective on July 16, 2025, with phased-in compliance deadlines. It built on existing Maritime Transportation Security Act (MTSA) frameworks without expanding the scope of regulated entities.
While necessary, these measures are playing catch-up to a world of rapidly expanding cyberthreats now fueled by AI developing at breakneck speed.
Many of the attacks and threats reported by CYTUR are related to conflicts we have been reading about in the news, but all maritime systems are connected, and no one should be complacent. The Joint Cyber Security Advisory of the U.S. Coast Guard issued a threat notice May 1. The threat actor was named as INC Ransom, and it was “actively exploiting vulnerabilities and phishing pathways to compromise maritime-sector networks, steal sensitive data and execute double-extortion ransomware attacks,” according to the notice.
Primary attack vectors were unpatched, public-facing applications. The attackers used targeted phishing emails designed to harvest credentials, gain unauthorized access to networks and steal sensitive operational and business data. If access is successful, INC Ransom issues demands in return for both system restoration and nondisclosure of stolen data.
The Coast Guard advised operators to remain vigilant for suspicious emails or unexpected login prompts and to report anomalies immediately to the Coast Guard’s information technology/security personnel. To us, it reads as a phishing attack not too dissimilar to the phishing scams most of us have experienced by now, albeit potentially more dangerous. Will the next one be more sophisticated, or, like cheap drone warfare, will they be so plentiful that one eventually gets through?


