Dear Customers,
Thank you very much for your continued support.
We would like to inform you of a security risk caused by setting up a
white list for vessels email.
In some cases, vessel email systems are requested to whitelist to
ensure that emails from charterers and affiliated companies.
A whitelisted e-mail address is a system that unconditionally delivers
the e-mail to the vessel without inspecting the attached file contents
or e-mail contents.
Email addresses that have been whitelisted will not be checked for
attachments or email content.
However, please be aware that there have been cases where this
mechanism has caused security problems on vessels.
Example 1: A virus email with a spoofed sender was delivered to the ship,
and since it was a whitelist domain, it slipped through the virus check.
Example 2: A user’s PC was hijacked by an external attacker, and attack
emails were sent to the vessel using the user’s PC as a stepping stone.
Example 1 is the case of a malicious third party attack, while Example 2
is the case of an accidental attack on a bona fide party, resulting in damage
to the ship due to the whitelist.
Unconditional e-mail delivery by white lists is no longer suitable for the
current cyber security era.
If you have any questions, please feel free to contact us.
Sincerely,